[Bug 978458] Re: CVE-2012-1182: "root" credential remote code execution

Jamie Strandboge jamie at ubuntu.com
Thu Apr 12 15:35:22 UTC 2012 

** Also affects: samba (Ubuntu Hardy)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Natty)
   Importance: Undecided
       Status: New

** Also affects: samba (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Changed in: samba (Ubuntu Lucid)
       Status: New => In Progress

** Changed in: samba (Ubuntu Lucid)
   Importance: Undecided => High

** Changed in: samba (Ubuntu Lucid)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: samba (Ubuntu Natty)
       Status: New => In Progress

** Changed in: samba (Ubuntu Natty)
   Importance: Undecided => High

** Changed in: samba (Ubuntu Natty)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: samba (Ubuntu Oneiric)
       Status: New => In Progress

** Changed in: samba (Ubuntu Oneiric)
   Importance: Undecided => High

** Changed in: samba (Ubuntu Oneiric)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

** Changed in: samba (Ubuntu Hardy)
       Status: New => In Progress

** Changed in: samba (Ubuntu Hardy)
   Importance: Undecided => High

** Changed in: samba (Ubuntu Hardy)
     Assignee: (unassigned) => Tyler Hicks (tyhicks)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458

Title:
  CVE-2012-1182: "root" credential remote code execution

Status in “samba” package in Ubuntu:
  In Progress
Status in “samba” source package in Lucid:
  In Progress
Status in “samba” source package in Natty:
  In Progress
Status in “samba” source package in Oneiric:
  In Progress
Status in “samba” source package in Precise:
  In Progress
Status in “samba” source package in Hardy:
  In Progress
Status in “samba” package in CentOS:
  Unknown
Status in “samba” package in Debian:
  New
Status in “samba” package in Fedora:
  Unknown

Bug description:
  CVE-2012-1182 was recently made public for a remote, unauthenticated,
  root code execution flaw in most samba versions 3.0+:

  https://www.samba.org/samba/security/CVE-2012-1182

  I believe Ubuntu's packages to be vulnerable.  As the CVE is already
  public and patches are in the wild, I am flagging this as a security
  vulnerability but will un-privatize it shortly.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions

More information about the foundations-bugs mailing list