Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 547
Alerts This Week
Warning Icon 1 547

Critical Samba Security Update for Scientific Linux - Remote Code Execution

Scientific Large Esm H446
Critical: samba security update
Date: Fri, 24 Feb 2012 08:38:47 -0600
Reply-To: Pat Riehecky 
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Organization: Fermilab
Subject: Security ERRATA Critical: samba on SL4.x i386/x86_64
MIME-Version: 1.0

Synopsis: Critical: samba security update
Issue Date: 2012-02-23
CVE Numbers: CVE-2012-0870

Samba is a suite of programs used by machines to share files, printers, and
other information.

An input validation flaw was found in the way Samba handled Any Batched
(AndX) requests. A remote, unauthenticated attacker could send a
specially-crafted SMB packet to the Samba server, possibly resulting in
arbitrary code execution with the privileges of the Samba server (root).
(CVE-2012-0870)

Users of Samba are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue. After installing this
update, the smb service will be restarted automatically.

SL4:
 i386
 samba-3.0.33-0.35.el4.i386.rpm
 samba-client-3.0.33-0.35.el4.i386.rpm
 samba-common-3.0.33-0.35.el4.i386.rpm
 samba-debuginfo-3.0.33-0.35.el4.i386.rpm
 samba-swat-3.0.33-0.35.el4.i386.rpm
 x86_64
 samba-3.0.33-0.35.el4.x86_64.rpm
 samba-client-3.0.33-0.35.el4.x86_64.rpm
 samba-common-3.0.33-0.35.el4.i386.rpm
 samba-common-3.0.33-0.35.el4.x86_64.rpm
 samba-debuginfo-3.0.33-0.35.el4.i386.rpm
 samba-debuginfo-3.0.33-0.35.el4.x86_64.rpm
 samba-swat-3.0.33-0.35.el4.x86_64.rpm

- Scientific Linux Development Team