SUSE: 2012:0348-1 Critical: Samba Remote Code Execution Threat
suse
March 9, 2012
An update that solves one vulnerability and has 13 fixes is An update that solves one vulnerability and has 13 fixes is An update that solves one vulnerability and has 13 fixes is ...
Summary
This Samba file server update fixes various security issues: * CVE-2012-0870: A heap-based buffer overflow that could be exploited by remote, unauthenticated attackers to crash the smbd daemon or potentially execute arbitrary code via specially crafted SMB AndX request packets. * CVE-2011-2694: A cross site scripting problem in SWAT was fixed. * CVE-2011-0719: Fixed a possible denial of service caused by memory corruption. * CVE-2010-3069: Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID). * CVE-2010-2063: Addressed possible buffer overrun in chain_reply code of pre-3.4 versions. * CVE-2010-1642: An uninitialized variable read could have caused an smbd crash. * CVE-2010-0787: Take extra care that a mount point of
Topics Covered
References
#550002 #561894 #577868 #592198 #599873 #605935
#611927 #613459 #637218 #652620 #670431 #705241
#708503 #747934
Cross- CVE-2012-0870
Affected Products:
SUSE Linux Enterprise Server 10 SP2
https://www.suse.com/security/cve/CVE-2012-0870.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2012:0348-1
Rating: critical
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!