[Bug 980758] Re: new buffer overflow attack on samba 3.6.3 -> enables unauthenticated remote root access
Sean DS
980758 at bugs.launchpad.net
Fri Apr 13 12:16:58 UTC 2012
Here is the patch. Samba 3.6.4 does not have this vulnerability.
** Patch added: "Patch for the unauthenticated root exploit bug - taken directly from samba website"
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/980758/+attachment/3058739/+files/samba-3.6.3-CVE-2012-1182.patch
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2012-1182
** Changed in: samba (Ubuntu)
Status: New => Invalid
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/980758
Title:
new buffer overflow attack on samba 3.6.3 -> enables unauthenticated
remote root access
Status in “samba” package in Ubuntu:
Invalid
Bug description:
binary hint: samba
references:
[1] http://www.darkreading.com/vulnerability-
management/167901026/security/application-security/232900170/linux-
users-beware-patch-new-samba-flaw-immediately.html
[2] http://blog.spiderlabs.com/2012/04/rce-root-in-all-current-samba-
versions.html
[3] https://www.samba.org/samba/security/CVE-2012-1182
A fix has been released and a patch is available, we should definately
get this fix into the LTS, as so many people use samba.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/980758/+subscriptions
More information about the foundations-bugs
mailing list