The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Samba | Samba | * | 3.4.15 (including) |
| Samba | Samba | 3.0.0 (including) | 3.0.0 (including) |
| Samba | Samba | 3.0.1 (including) | 3.0.1 (including) |
| Samba | Samba | 3.0.2 (including) | 3.0.2 (including) |
| Samba | Samba | 3.0.2-a (including) | 3.0.2-a (including) |
| Samba | Samba | 3.0.2a (including) | 3.0.2a (including) |
| Samba | Samba | 3.0.3 (including) | 3.0.3 (including) |
| Samba | Samba | 3.0.4 (including) | 3.0.4 (including) |
| Samba | Samba | 3.0.4-rc1 (including) | 3.0.4-rc1 (including) |
| Samba | Samba | 3.0.5 (including) | 3.0.5 (including) |
| Samba | Samba | 3.0.6 (including) | 3.0.6 (including) |
| Samba | Samba | 3.0.7 (including) | 3.0.7 (including) |
| Samba | Samba | 3.0.8 (including) | 3.0.8 (including) |
| Samba | Samba | 3.0.9 (including) | 3.0.9 (including) |
| Samba | Samba | 3.0.10 (including) | 3.0.10 (including) |
| Samba | Samba | 3.0.11 (including) | 3.0.11 (including) |
| Samba | Samba | 3.0.12 (including) | 3.0.12 (including) |
| Samba | Samba | 3.0.13 (including) | 3.0.13 (including) |
| Samba | Samba | 3.0.14 (including) | 3.0.14 (including) |
| Samba | Samba | 3.0.14-a (including) | 3.0.14-a (including) |
| Samba | Samba | 3.0.14a (including) | 3.0.14a (including) |
| Samba | Samba | 3.0.15 (including) | 3.0.15 (including) |
| Samba | Samba | 3.0.16 (including) | 3.0.16 (including) |
| Samba | Samba | 3.0.17 (including) | 3.0.17 (including) |
| Samba | Samba | 3.0.18 (including) | 3.0.18 (including) |
| Samba | Samba | 3.0.19 (including) | 3.0.19 (including) |
| Samba | Samba | 3.0.20 (including) | 3.0.20 (including) |
| Samba | Samba | 3.0.20-a (including) | 3.0.20-a (including) |
| Samba | Samba | 3.0.20-b (including) | 3.0.20-b (including) |
| Samba | Samba | 3.0.20a (including) | 3.0.20a (including) |
| Samba | Samba | 3.0.20b (including) | 3.0.20b (including) |
| Samba | Samba | 3.0.21 (including) | 3.0.21 (including) |
| Samba | Samba | 3.0.21-a (including) | 3.0.21-a (including) |
| Samba | Samba | 3.0.21-b (including) | 3.0.21-b (including) |
| Samba | Samba | 3.0.21-c (including) | 3.0.21-c (including) |
| Samba | Samba | 3.0.21a (including) | 3.0.21a (including) |
| Samba | Samba | 3.0.21b (including) | 3.0.21b (including) |
| Samba | Samba | 3.0.21c (including) | 3.0.21c (including) |
| Samba | Samba | 3.0.22 (including) | 3.0.22 (including) |
| Samba | Samba | 3.0.23 (including) | 3.0.23 (including) |
| Samba | Samba | 3.0.23-a (including) | 3.0.23-a (including) |
| Samba | Samba | 3.0.23-b (including) | 3.0.23-b (including) |
| Samba | Samba | 3.0.23-c (including) | 3.0.23-c (including) |
| Samba | Samba | 3.0.23-d (including) | 3.0.23-d (including) |
| Samba | Samba | 3.0.23a (including) | 3.0.23a (including) |
| Samba | Samba | 3.0.23b (including) | 3.0.23b (including) |
| Samba | Samba | 3.0.23c (including) | 3.0.23c (including) |
| Samba | Samba | 3.0.23d (including) | 3.0.23d (including) |
| Samba | Samba | 3.0.24 (including) | 3.0.24 (including) |
| Samba | Samba | 3.0.25 (including) | 3.0.25 (including) |
| Samba | Samba | 3.0.25-a (including) | 3.0.25-a (including) |
| Samba | Samba | 3.0.25-b (including) | 3.0.25-b (including) |
| Samba | Samba | 3.0.25-c (including) | 3.0.25-c (including) |
| Samba | Samba | 3.0.25-pre1 (including) | 3.0.25-pre1 (including) |
| Samba | Samba | 3.0.25-pre2 (including) | 3.0.25-pre2 (including) |
| Samba | Samba | 3.0.25-rc1 (including) | 3.0.25-rc1 (including) |
| Samba | Samba | 3.0.25-rc2 (including) | 3.0.25-rc2 (including) |
| Samba | Samba | 3.0.25-rc3 (including) | 3.0.25-rc3 (including) |
| Samba | Samba | 3.0.25a (including) | 3.0.25a (including) |
| Samba | Samba | 3.0.25b (including) | 3.0.25b (including) |
| Samba | Samba | 3.0.25c (including) | 3.0.25c (including) |
| Samba | Samba | 3.0.26 (including) | 3.0.26 (including) |
| Samba | Samba | 3.0.26-a (including) | 3.0.26-a (including) |
| Samba | Samba | 3.0.26a (including) | 3.0.26a (including) |
| Samba | Samba | 3.0.27 (including) | 3.0.27 (including) |
| Samba | Samba | 3.0.27-a (including) | 3.0.27-a (including) |
| Samba | Samba | 3.0.28 (including) | 3.0.28 (including) |
| Samba | Samba | 3.0.28-a (including) | 3.0.28-a (including) |
| Samba | Samba | 3.0.29 (including) | 3.0.29 (including) |
| Samba | Samba | 3.0.30 (including) | 3.0.30 (including) |
| Samba | Samba | 3.0.31 (including) | 3.0.31 (including) |
| Samba | Samba | 3.0.32 (including) | 3.0.32 (including) |
| Samba | Samba | 3.0.33 (including) | 3.0.33 (including) |
| Samba | Samba | 3.0.34 (including) | 3.0.34 (including) |
| Samba | Samba | 3.0.35 (including) | 3.0.35 (including) |
| Samba | Samba | 3.0.36 (including) | 3.0.36 (including) |
| Samba | Samba | 3.0.37 (including) | 3.0.37 (including) |
| Samba | Samba | 3.1.0 (including) | 3.1.0 (including) |
| Samba | Samba | 3.2.0 (including) | 3.2.0 (including) |
| Samba | Samba | 3.2.1 (including) | 3.2.1 (including) |
| Samba | Samba | 3.2.2 (including) | 3.2.2 (including) |
| Samba | Samba | 3.2.3 (including) | 3.2.3 (including) |
| Samba | Samba | 3.2.4 (including) | 3.2.4 (including) |
| Samba | Samba | 3.2.5 (including) | 3.2.5 (including) |
| Samba | Samba | 3.2.6 (including) | 3.2.6 (including) |
| Samba | Samba | 3.2.7 (including) | 3.2.7 (including) |
| Samba | Samba | 3.2.8 (including) | 3.2.8 (including) |
| Samba | Samba | 3.2.9 (including) | 3.2.9 (including) |
| Samba | Samba | 3.2.10 (including) | 3.2.10 (including) |
| Samba | Samba | 3.2.11 (including) | 3.2.11 (including) |
| Samba | Samba | 3.2.12 (including) | 3.2.12 (including) |
| Samba | Samba | 3.2.13 (including) | 3.2.13 (including) |
| Samba | Samba | 3.2.14 (including) | 3.2.14 (including) |
| Samba | Samba | 3.2.15 (including) | 3.2.15 (including) |
| Samba | Samba | 3.3.0 (including) | 3.3.0 (including) |
| Samba | Samba | 3.3.1 (including) | 3.3.1 (including) |
| Samba | Samba | 3.3.2 (including) | 3.3.2 (including) |
| Samba | Samba | 3.3.3 (including) | 3.3.3 (including) |
| Samba | Samba | 3.3.4 (including) | 3.3.4 (including) |
| Samba | Samba | 3.3.5 (including) | 3.3.5 (including) |
| Samba | Samba | 3.3.6 (including) | 3.3.6 (including) |
| Samba | Samba | 3.3.7 (including) | 3.3.7 (including) |
| Samba | Samba | 3.3.8 (including) | 3.3.8 (including) |
| Samba | Samba | 3.3.9 (including) | 3.3.9 (including) |
| Samba | Samba | 3.3.10 (including) | 3.3.10 (including) |
| Samba | Samba | 3.3.11 (including) | 3.3.11 (including) |
| Samba | Samba | 3.3.12 (including) | 3.3.12 (including) |
| Samba | Samba | 3.3.13 (including) | 3.3.13 (including) |
| Samba | Samba | 3.3.14 (including) | 3.3.14 (including) |
| Samba | Samba | 3.3.15 (including) | 3.3.15 (including) |
| Samba | Samba | 3.3.16 (including) | 3.3.16 (including) |
| Samba | Samba | 3.4.0 (including) | 3.4.0 (including) |
| Samba | Samba | 3.4.1 (including) | 3.4.1 (including) |
| Samba | Samba | 3.4.2 (including) | 3.4.2 (including) |
| Samba | Samba | 3.4.3 (including) | 3.4.3 (including) |
| Samba | Samba | 3.4.4 (including) | 3.4.4 (including) |
| Samba | Samba | 3.4.5 (including) | 3.4.5 (including) |
| Samba | Samba | 3.4.6 (including) | 3.4.6 (including) |
| Samba | Samba | 3.4.7 (including) | 3.4.7 (including) |
| Samba | Samba | 3.4.8 (including) | 3.4.8 (including) |
| Samba | Samba | 3.4.9 (including) | 3.4.9 (including) |
| Samba | Samba | 3.4.10 (including) | 3.4.10 (including) |
| Samba | Samba | 3.4.11 (including) | 3.4.11 (including) |
| Samba | Samba | 3.4.12 (including) | 3.4.12 (including) |
| Samba | Samba | 3.4.13 (including) | 3.4.13 (including) |
| Samba | Samba | 3.4.14 (including) | 3.4.14 (including) |
| Red Hat Enterprise Linux 4 Extended Lifecycle Support | RedHat | samba-0:3.0.33-3.36.el4 | * |
| Red Hat Enterprise Linux 5 | RedHat | samba-0:3.0.33-3.39.el5_8 | * |
| Red Hat Enterprise Linux 5 | RedHat | samba3x-0:3.5.10-0.108.el5_8 | * |
| Red Hat Enterprise Linux 5.3 Long Life | RedHat | samba-0:3.0.33-3.7.el5_3.5 | * |
| Red Hat Enterprise Linux 5.6 EUS - Server Only | RedHat | samba-0:3.0.33-3.29.el5_6.5 | * |
| Red Hat Enterprise Linux 5.6 EUS - Server Only | RedHat | samba3x-0:3.5.4-0.70.el5_6.2 | * |
| Red Hat Enterprise Linux 6 | RedHat | samba-0:3.5.10-115.el6_2 | * |
| Red Hat Enterprise Linux 6 | RedHat | samba4-0:4.0.0-55.el6.rc4 | * |
| Red Hat Enterprise Linux 6 | RedHat | evolution-mapi-0:0.28.3-12.el6 | * |
| Red Hat Enterprise Linux 6 | RedHat | openchange-0:1.0-4.el6 | * |
| Red Hat Enterprise Linux 6.0 EUS - Server Only | RedHat | samba-0:3.5.4-68.el6_0.3 | * |
| Red Hat Enterprise Linux 6.1 EUS - Server Only | RedHat | samba-0:3.5.6-86.el6_1.5 | * |
| Samba | Ubuntu | devel | * |
| Samba | Ubuntu | hardy | * |
| Samba | Ubuntu | lucid | * |
| Samba | Ubuntu | maverick | * |
| Samba | Ubuntu | natty | * |
| Samba | Ubuntu | oneiric | * |
References
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
- http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2
- http://secunia.com/advisories/48751
- http://secunia.com/advisories/48754
- http://secunia.com/advisories/48816
- http://secunia.com/advisories/48818
- http://secunia.com/advisories/48844
- http://secunia.com/advisories/48873
- http://secunia.com/advisories/48879
- http://secunia.com/advisories/48999
- http://support.apple.com/kb/HT5281
- http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
- http://www.debian.org/security/2012/dsa-2450
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:055
- http://www.samba.org/samba/history/samba-3.6.4.html
- http://www.securitytracker.com/id?1026913
- http://www.ubuntu.com/usn/USN-1423-1
- https://www.samba.org/samba/security/CVE-2012-1182
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
- http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2
- http://secunia.com/advisories/48751
- http://secunia.com/advisories/48754
- http://secunia.com/advisories/48816
- http://secunia.com/advisories/48818
- http://secunia.com/advisories/48844
- http://secunia.com/advisories/48873
- http://secunia.com/advisories/48879
- http://secunia.com/advisories/48999
- http://support.apple.com/kb/HT5281
- http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578
- http://www.debian.org/security/2012/dsa-2450
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:055
- http://www.samba.org/samba/history/samba-3.6.4.html
- http://www.securitytracker.com/id?1026913
- http://www.ubuntu.com/usn/USN-1423-1
- https://www.samba.org/samba/security/CVE-2012-1182