Mandriva Update For Samba MDVSA-2012:055 (samba) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in samba: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call (CVE-2012-1182). The updated packages have been patched to correct this issue.

Affected

samba on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2012-1182
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:191 (OpenEXR)
Mandrake Security Advisory MDVSA-2009:118 (kernel)
Mandrake Security Advisory MDVSA-2009:045 (php)
Mandrake Security Advisory MDVSA-2009:182 (firefox)
Mandrake Security Advisory MDVSA-2009:013 (mplayer)

Mandriva Update for samba MDVSA-2012:055 (samba)

Take action and discover your vulnerabilities