Veracode Vulnerability DatabaseVERACODE:24982Arbitrary Code Execution
0.961 High
EPSS
Percentile
99.5%
samba is vulnerable to arbitrary code execution. The vulnerability exist as an input validation flaw was found in the way Samba handled Any Batched (AndX) requests. A remote, unauthenticated attacker could send a specially-crafted SMB packet to the Samba server, possibly resulting in arbitrary code execution with the privileges of the Samba server (root).
References
btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html
lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
secunia.com/advisories/48116
secunia.com/advisories/48186
secunia.com/advisories/48844
secunia.com/advisories/48879
support.apple.com/kb/HT5281
www.samba.org/samba/security/CVE-2012-0870
www.ubuntu.com/usn/USN-1374-1
access.redhat.com/errata/RHSA-2012:0332
access.redhat.com/security/cve/CVE-2012-0870
access.redhat.com/security/updates/classification/#critical
bugzilla.redhat.com/show_bug.cgi?id=795509
exchange.xforce.ibmcloud.com/vulnerabilities/73361
Related
