
SUSE: 2012:0337-1 Critical: Samba Buffer Overflow Remote Code Execution

March 8, 2012
SUSE Security Patch for Samba resolves severe buffer overflow risk alongside two supplementary enhancements.
An update that solves one vulnerability and has two fixes is now...

Summary

This update of Samba fixes a heap-based buffer overflow that could be exploited by remote, unauthenticated attackers to crash the smbd daemon or potentially execute arbitrary code via specially crafted SMB AndX request packets (CVE-2012-0870).

Also fixed two non-security bugs:

* Fix to handle domain join using NetBIOS name (bnc#633729).
* Fixed the DFS referral response for msdfs root (bnc#703655).

Security Issue reference:

* CVE-2012-0870

Package List:

- SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):
  cifs-mount-3.0.36-0.13.18.1
  ldapsmb-1.34b-25.13.18.1
  libmsrpc-3.0.36-0.13.18.1
  libmsrpc-devel-3.0.36-0.13.18.1
  libsmbclient-3.0.36-0.13.18.1
  libsmbclient-devel-3.0.36-0.13.18.1

References

#633729 #703655 #747934

Cross-References: CVE-2012-0870

Affected Products:

SUSE Linux Enterprise Server 10 SP4

SUSE Linux Enterprise Server 10 SP3 LTSS

SUSE Linux Enterprise Desktop 10 SP4

SLE SDK 10 SP4

https://www.suse.com/security/cve/CVE-2012-0870.html

Severity
critical

Announcement ID: SUSE-SU-2012:0337-1
Rating: critical
