https://www.networkworld.com/news/2012/041112-samba-security-patch-fixes-critical-258173.html By Lucian Constantin IDG News Service April 11, 2012 The developers of Samba, the open source software that enables file and print sharing between Linux, Windows and Mac OS X computers, released security patches on Tuesday to address a critical vulnerability that can be exploited by remote attackers to execute arbitrary code on systems where the Samba service is running. The vulnerability is identified as CVE-2012-1182 and is located in Samba's code that handles the processing of remote procedure call (RPC) requests, particularly their translation into a Network Data Representation (NDR) format. A client can send a specially crafted RPC call to a Samba server in order to exploit the vulnerability and execute unauthorized code with administrative privileges (root) on the system. "As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately," the Samba development team said in a security advisory. [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Wed Apr 11 2012 - 23:50:31 PDT
This archive was generated by hypermail 2.2.0 : Wed Apr 11 2012 - 23:52:12 PDT