CVE-2012-1182

Samba < 3.4.15 - Numeric Error

Description

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · linux
https://www.exploit-db.com/exploits/21850

metasploit · WORKING POC · NORMAL
by Unknown, blasty, mephos, sinn3r, juan vazquez · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/samba/setinfopolicy_heap.rb

Scores

EPSS 0.7681
EPSS Percentile 99.0%

Details

CWE CWE-189
Status published
Products (37)
samba/samba 3.0.0
samba/samba 3.0.1
samba/samba 3.0.2 (2 CPE variants)
samba/samba 3.0.2a
samba/samba 3.0.3
samba/samba 3.0.4 (2 CPE variants)
samba/samba 3.0.5
samba/samba 3.0.6
samba/samba 3.0.7
samba/samba 3.0.8
... and 27 more
Published Apr 10, 2012
Tracked Since Feb 18, 2026