[ISN] Samba security patch fixes critical remote code execution hole

From: InfoSec News <alerts_at_private>
Date: Thu, 12 Apr 2012 01:50:31 -0500 (CDT)
https://www.networkworld.com/news/2012/041112-samba-security-patch-fixes-critical-258173.html

By Lucian Constantin
IDG News Service
April 11, 2012

The developers of Samba, the open source software that enables file and print 
sharing between Linux, Windows and Mac OS X computers, released security 
patches on Tuesday to address a critical vulnerability that can be exploited by 
remote attackers to execute arbitrary code on systems where the Samba service 
is running.

The vulnerability is identified as CVE-2012-1182 and is located in Samba's code 
that handles the processing of remote procedure call (RPC) requests, 
particularly their translation into a Network Data Representation (NDR) format.

A client can send a specially crafted RPC call to a Samba server in order to 
exploit the vulnerability and execute unauthorized code with administrative 
privileges (root) on the system.

"As this does not require an authenticated connection it is the most serious 
vulnerability possible in a program, and users and vendors are encouraged to 
patch their Samba installations immediately," the Samba development team said 
in a security advisory.

[...]


Received on Wed Apr 11 2012 - 23:50:31 PDT
