banner

[Rule] Rules  [Home] Main Forum  [Portal] Portal  
[Members] Member Listing  [Statistics] Statistics  [Search] Search  [Reading Room] Reading Room 
[Register] Register  
[Login] Loginhttp  | https  ]
 
Forum Index Thông tin new bugs và exploits Samba "root" credential remote code execution  XML
  [Announcement]   Samba "root" credential remote code execution 11/04/2012 11:59:42 (+0700) | #1 | 261187
[Avatar]
afterlastangel
Member

[Minus]    0    [Plus]
Joined: 08/12/2007 21:58:13
Messages: 33
Offline
[Profile] [PM] [WWW]
FYI

Vì tính nguy hiểm của bug này nên mọi người nên chú ý update ngay khi có patch.

https://www.samba.org/samba/security/CVE-2012-1182


Samba versions 3.6.3 and all versions previous to this are affected by
a vulnerability that allows remote code execution as the "root" user
from an anonymous connection.

The code generator for Samba's remote procedure call (RPC) code
contained an error which caused it to generate code containing a
security flaw. This generated code is used in the parts of Samba that
control marshalling and unmarshalling of RPC calls over the network.

The flaw caused checks on the variable containing the length of an
allocated array to be done independently from the checks on the
variable used to allocate the memory for that array. As both these
variables are controlled by the connecting client it makes it possible
for a specially crafted RPC call to cause the server to execute
arbitrary code.

As this does not require an authenticated connection it is the most
serious vulnerability possible in a program, and users and vendors are
encouraged to patch their Samba installations immediately. 

Beneath this mask there is more than flesh. Beneath this mask there is an idea, and ideas are bulletproof.
[Up] [Print Copy]
[digg] [delicious] [google] [yahoo] [technorati] [reddit] [stumbleupon]
Go to: 
 Users currently in here 
1 Anonymous

Powered by JForum - Extended by HVAOnline
 hvaonline.net  |  hvaforum.net  |  hvazone.net  |  hvanews.net  |  vnhacker.org
1999 - 2013 © v2012|0504|218|