This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samba. Authentication is not required to exploit this vulnerability. The specific flaw exists within the way Samba handles SetInfoPolicy requests. When parsing the data send in the request Samba uses the field ‘settings’ to create a heap allocation but then uses another field, ‘count’, to write data to the allocation. Because there is no check to see if ‘count’ is smaller than ‘settings’ this could result in a heap buffer overflow that could lead to remote code execution.

References

www.samba.org/samba/security/CVE-2012-1182

oraclelinux 5

canvas 2

openvas 41

redhat 5

debian 2

cisa 1

packetstorm 2

ibm 1

f5 2

nessus 29

zdi 8

centos 4

checkpoint_advisories 2

suse 5

veracode 1

securityvulns 3

ubuntucve 1

seebug 1

thn 1

cve 1

freebsd 1

fedora 3

prion 1

altlinux 2

samba 1

debiancve 1

ubuntu 1

nmap 72

oraclelinux

openchange security, bug fix and enhancement update

2013-02-27 00:00:00

samba3x security update

2012-04-10 00:00:00

samba4 security, bug fix and enhancement update

2013-02-27 00:00:00

canvas

Immunity Canvas: CVE_2012_1182_NONX

2012-04-10 17:55:02

Immunity Canvas: CVE_2012_1182

2012-04-10 21:55:00

openvas

FreeBSD Ports: samba34

2012-04-30 00:00:00

Oracle: Security Advisory (ELSA-2013-0506)

2015-10-06 00:00:00

CentOS Update for openchange CESA-2013:0515 centos6

2013-03-12 00:00:00

redhat

(RHSA-2012:0478) Critical: samba security update

2012-04-13 00:00:00

(RHSA-2012:0466) Critical: samba3x security update

2012-04-10 00:00:00

(RHSA-2013:0506) Moderate: samba4 security, bug fix and enhancement update

2013-02-21 00:00:00

debian

[BSA-070] Security Update for samba

2012-04-14 08:51:02

[SECURITY] [DSA 2450-1] samba security update

2012-04-12 20:29:01

cisa

Samba Releases Updates for 3.0.x - 3.6.3

2012-04-11 00:00:00

packetstorm

Samba 3.x Remote Root

2012-09-25 00:00:00

Samba SetInformationPolicy AuditEventsInfo Heap Overflow

2012-09-28 00:00:00

ibm

Security Bulletin: SONAS Fix Available for Samba Remote Code Execution Vulnerability (CVE-2012-1182)

2022-09-26 04:23:14

K13719 : Samba vulnerability CVE-2012-1182

2013-08-29 00:00:00

SOL13719 - Samba vulnerability CVE-2012-1182

2012-07-10 00:00:00

nessus

Oracle Solaris Third-Party Patch Update : samba (cve_2012_1182_arbitrary_code)

2015-01-19 00:00:00

Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 : samba vulnerability (USN-1423-1)

2012-04-13 00:00:00

CentOS 5 : samba3x (CESA-2012:0466)

2012-04-11 00:00:00

zdi

Samba NDR PULL LSA TrustDomainInfoControllers Heap Overflow Remote Code Execution Vulnerability

2012-04-18 00:00:00

Samba lsa_LookupNames Heap Overflow Remote Code Execution Vulnerability

2012-04-18 00:00:00

Samba ndr_ValidatePassword heap overflow Remote Code Execution Vulnerability

2012-04-18 00:00:00

centos

samba4 security update

2013-02-27 19:38:13

libsmbclient, samba security update

2012-04-10 21:30:27

samba3x security update

2012-04-10 21:13:02

checkpoint_advisories

Samba SetInformationPolicy AuditEventsInfo Heap Overflow (CVE-2012-1182)

2013-07-28 00:00:00

Samba DCE RPC IDL Parser Out-of-bounds Array Access (CVE-2012-1182)

2012-10-14 00:00:00

suse

Security update for Samba (critical)

2012-04-14 10:08:18

update for samba (critical)

2012-04-16 16:08:12

Security update for Samba (critical)

2012-04-14 10:08:19

veracode

Remote Code Execution (RCE)

2019-01-15 08:57:16

securityvulns

[security bulletin] HPSBMU02790 SSRT100872 rev.1 - HP Server Automation, Remote Execution of Arbitrary Code

2012-06-17 00:00:00

HP Server Automation code execution

2012-06-17 00:00:00

Samba array index overflow

2012-04-19 00:00:00

ubuntucve

CVE-2012-1182

2012-04-10 00:00:00

seebug

Samba < 3.6.3 版本ndr_pull_lsa_SidArray堆溢出漏洞(CVE-2012-1182)

2012-04-12 00:00:00

thn

Samba remote code execution vulnerability, Patch Released !

2012-04-12 12:10:00

cve

CVE-2012-1182

2012-04-10 21:55:00

freebsd

samba -- "root" credential remote code execution

2012-04-10 00:00:00

fedora

[SECURITY] Fedora 16 Update: samba4-4.0.0-38.alpha16.fc16

2012-05-15 23:28:34

[SECURITY] Fedora 15 Update: samba4-4.0.0-26.alpha11.fc15.6

2012-05-03 07:32:37

[SECURITY] Fedora 16 Update: samba4-4.0.0-39.alpha16.fc16

2013-02-05 03:11:28

prion

Input validation

2012-04-10 21:55:00

altlinux

Security fix for the ALT Linux 6 package samba version 3.5.14-alt1.M60P.1

2012-04-11 00:00:00

Security fix for the ALT Linux 5 package samba version 3.0.37-alt5.M50P.1

2012-04-11 00:00:00

samba

"root" credential remote code execution.

2012-04-10 00:00:00

debiancve

CVE-2012-1182

2012-04-10 21:55:00

ubuntu

Samba vulnerability

2012-04-13 00:00:00

nmap

ipv6-multicast-mld-list NSE Script

2015-12-19 15:50:08

mysql-variables NSE Script

2010-01-26 09:40:38

http-malware-host NSE Script

2009-09-16 14:15:13

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.494 Medium

EPSS

Percentile

97.5%

JSON

Related for ZDI-12-069