Red Hat Customer Portal


CVE-2012-1182

Impact: Critical
Public Date: 2012-04-10
CWE: CWE-228->CWE-122
Bugzilla: 804093: CVE-2012-1182 samba: Multiple heap-based buffer overflows in memory management based on NDR marshalling code output

The MITRE CVE dictionary describes this issue as:

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Find out more about CVE-2012-1182 from the MITRE CVE dictionary and NIST NVD.

Statement

This issue affects the versions of the samba4, openchange and evolution-mapi packages as shipped with Red Hat Enterprise Linux 6. A future security update may address this flaw.

CVSS v2 metrics

NOTE: The following CVSS v2 metrics and score provided are preliminary and subject to review.

Base Score 8.3
Base Metrics AV:A/AC:L/Au:N/C:C/I:C/A:C
Access Vector Adjacent Network
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (samba) RHSA-2012:0465 2012-04-10
Red Hat Enterprise Linux Long Life (v. 5.3 server) (samba) RHSA-2012:0465 2012-04-10
Red Hat Enterprise Linux 5 (samba) RHSA-2012:0465 2012-04-10
Red Hat Enterprise Linux 5 (samba3x) RHSA-2012:0466 2012-04-10
Red Hat Enterprise Linux 6 (various) RHSA-2013:0515 2013-02-20
Red Hat Enterprise Linux EUS (v. 5.6 server) (samba3x) RHSA-2012:0466 2012-04-10
Red Hat Enterprise Linux EUS (v. 5.6 server) (samba) RHSA-2012:0465 2012-04-10
Red Hat Enterprise Linux Extended Lifecycle Support 4 (samba) RHSA-2012:0478 2012-04-13
Red Hat Enterprise Linux Server EUS (v. 6.0) (samba) RHSA-2012:0465 2012-04-10
Red Hat Enterprise Linux 6 (samba4) RHSA-2013:0506 2013-02-20
Red Hat Enterprise Linux Server EUS (v. 6.1) (samba) RHSA-2012:0465 2012-04-10

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 4 samba Affected
