Rapid7 VulnDB

RHSA-2012:0332: samba security update

Back to Search

RHSA-2012:0332: samba security update

Severity
8
CVSS
(AV:A/AC:M/Au:N/C:C/I:C/A:C)
Published
02/23/2012
Created
07/25/2018
Added
03/08/2012
Modified
07/04/2017

Description

Samba is a suite of programs used by machines to share files, printers, andother information.An input validation flaw was found in the way Samba handled Any Batched(AndX) requests. A remote, unauthenticated attacker could send aspecially-crafted SMB packet to the Samba server, possibly resulting inarbitrary code execution with the privileges of the Samba server (root).(CVE-2012-0870)Red Hat would like to thank the Samba team for reporting this issue.Upstream acknowledges Andy Davis of NGS Secure as the original reporter.Users of Samba are advised to upgrade to these updated packages, whichcontain a backported patch to resolve this issue. After installing thisupdate, the smb service will be restarted automatically.

Solution(s)

  • redhat-upgrade-libsmbclient
  • redhat-upgrade-libsmbclient-devel
  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-debuginfo
  • redhat-upgrade-samba-swat

References

  • redhat-upgrade-libsmbclient
  • redhat-upgrade-libsmbclient-devel
  • redhat-upgrade-samba
  • redhat-upgrade-samba-client
  • redhat-upgrade-samba-common
  • redhat-upgrade-samba-debuginfo
  • redhat-upgrade-samba-swat

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;