FileStore SAMBA security issue CVE-2012-1182

Article:TECH186389  |  Created: 2012-04-12  |  Updated: 2012-04-12  |  Article URL http://www.symantec.com/docs/TECH186389
Article Type
Technical Solution


Issue



Samba 3.6.3 and all earlier versions are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection.

The code generator for Samba's remote procedure call (RPC) code contained an error which caused it to generate code containing a security flaw. This generated code is used in the parts of Samba that control marshalling and unmarshalling of RPC calls over the network.

The flaw caused the checks on the variable containing the length of an allocated array to be done independently from the checks on the variable used to allocate the memory for that array. Because both variables are controlled by the connecting client, a specially crafted RPC call can cause the server to execute arbitrary code.
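
The pattern described above, shown as an added example in C (not Samba's generated code and not part of the original article). The wire layout, the `MAX_ELEMS` limit, the function names and the sample messages are assumptions made for illustration; the flawed variant only reports whether the copy would run past the allocation instead of performing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed wire layout for illustration (not Samba's NDR encoding):
 *   uint32 alloc_count | uint32 length | length x uint32 elements (host byte order) */
#define MAX_ELEMS 1024u
/* Constructed sample messages: {alloc_count, length, elements...} */
static const uint32_t SAMPLE_OK[]  = {4, 2, 10, 20};
static const uint32_t SAMPLE_BAD[] = {1, 3, 10, 20, 30};  /* length > alloc_count */

static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* Flawed pattern: each client field is validated alone, never against the other.
 * Returns 1 if accepted; *past_end says whether the (omitted) copy would overflow. */
int accept_independent(const uint8_t *msg, size_t n, int *past_end)
{
    if (n < 8) return 0;
    uint32_t alloc_count = rd32(msg), length = rd32(msg + 4);
    if (alloc_count > MAX_ELEMS) return 0;   /* bounds the allocation only */
    if (length > (n - 8) / 4) return 0;      /* bounds the payload only    */
    *past_end = length > alloc_count;
    return 1;
}

/* Hardened: length is tied to alloc_count before any copy. Caller frees; NULL = rejected. */
uint32_t *unmarshal_checked(const uint8_t *msg, size_t n, uint32_t *out_len)
{
    if (n < 8) return NULL;
    uint32_t alloc_count = rd32(msg), length = rd32(msg + 4);
    if (alloc_count > MAX_ELEMS || length > alloc_count) return NULL;
    if (length > (n - 8) / 4) return NULL;
    uint32_t *arr = calloc(alloc_count ? alloc_count : 1, sizeof *arr);
    if (arr == NULL) return NULL;
    memcpy(arr, msg + 8, (size_t)length * sizeof *arr);
    *out_len = length;
    return arr;
}

int main(void)
{
    int past_end = 0;
    uint32_t len = 0;
    int ok = accept_independent((const uint8_t *)SAMPLE_BAD, sizeof SAMPLE_BAD, &past_end);
    uint32_t *arr = unmarshal_checked((const uint8_t *)SAMPLE_BAD, sizeof SAMPLE_BAD, &len);
    printf("independent: accepted=%d past_end=%d; linked: %s\n", ok, past_end, arr ? "accepted" : "rejected");
    free(arr);
    return 0;
}
```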

 


Environment



FileStore 5.6 and FileStore 5.7



Solution



This issue will be solved by an update to the SAMBA distribution included with the FileStore product in the following releases:

5.6P5 and later

5.7P3 and later


Supplemental Materials

Source: ETrack

Value: 2747518

Description: CVE-2012-1182: Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user.


