PT-2012-6360 · Samba Team+5 · Samba+5
Brian Gorenc · Published 1970-01-01 · Updated 2024-06-15 · CVE-2012-1182
CVSS v2.0: 10 (High)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
openSUSE versions prior to the fixed version
Samba versions prior to 3.5.15
Samba versions 3.x before 3.4.16
Samba versions 3.5.x before 3.5.14
Samba versions 3.6.x before 3.6.4
Description
The issue is related to multiple vulnerabilities in the Samba software, which can lead to a disruption of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. The RPC code generator in Samba does not implement validation of an array length in a manner consistent with validation of array memory allocation, allowing remote attackers to execute arbitrary code via a crafted RPC call.
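The inconsistency the description names, shown from the fixed side: a decoder that checks the array length against the same count that sizes the allocation. This is an added illustration, not Samba's generated code; the wire layout, function names, `MAX_ELEMS` cap and sample messages are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wire layout (NOT Samba's NDR encoding), little-endian:
 *   u32 alloc_count | u32 length | length x u32 elements */
enum status { DECODE_OK, DECODE_TRUNCATED, DECODE_MISMATCH, DECODE_TOO_LARGE, DECODE_NOMEM };
#define MAX_ELEMS 4096u /* assumed policy cap on a peer-chosen allocation size */

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Decode into a new buffer (*out, caller frees); *n receives the element count. */
enum status decode_array(const uint8_t *buf, size_t len, uint32_t **out, uint32_t *n) {
    *out = NULL; *n = 0;
    if (len < 8) return DECODE_TRUNCATED;
    uint32_t alloc_count = rd32(buf), length = rd32(buf + 4);
    /* The count that bounds the copy loop must be checked against the
     * count that sized the allocation; validating only one is the flaw. */
    if (length > alloc_count) return DECODE_MISMATCH;
    if (alloc_count > MAX_ELEMS) return DECODE_TOO_LARGE;
    if (length > (len - 8) / 4) return DECODE_TRUNCATED; /* elements must be present */
    uint32_t *arr = calloc(alloc_count ? alloc_count : 1, sizeof *arr);
    if (!arr) return DECODE_NOMEM;
    for (uint32_t i = 0; i < length; i++) arr[i] = rd32(buf + 8 + 4 * (size_t)i);
    *out = arr; *n = length;
    return DECODE_OK;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_OK[] = {2,0,0,0, 2,0,0,0, 1,0,0,0, 2,0,0,0};
static const uint8_t MSG_MISMATCH[] = {1,0,0,0, 4,0,0,0, 1,0,0,0, 2,0,0,0, 3,0,0,0, 4,0,0,0};
static const uint8_t MSG_SHORT[] = {4,0,0,0, 4,0,0,0, 1,0,0,0};

/* Helper for callers that only need the verdict. */
enum status check_message(const uint8_t *buf, size_t len) {
    uint32_t *arr, n;
    enum status s = decode_array(buf, len, &arr, &n);
    free(arr);
    return s;
}

int main(void) {
    printf("ok=%d mismatch=%d short=%d\n", check_message(MSG_OK, sizeof MSG_OK),
           check_message(MSG_MISMATCH, sizeof MSG_MISMATCH), check_message(MSG_SHORT, sizeof MSG_SHORT));
    return 0;
}
```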
Recommendations
For Samba versions prior to 3.5.15, update to version 3.5.15 or later.
For Samba versions 3.x before 3.4.16, update to version 3.4.16 or later.
For Samba versions 3.5.x before 3.5.14, update to version 3.5.14 or later.
For Samba versions 3.6.x before 3.6.4, update to version 3.6.4 or later.
As a temporary workaround, consider restricting access to the vulnerable RPC endpoints until a patch is available.
Exploit
Fix
RCE
Infinite Loop
Buffer Overflow
Related identifiers
Affected products
CentOS
HP-UX
Red Hat
Samba
SUSE
openSUSE