Bug 411487 (CVE-2012-1182) - <net-fs/samba-3.5.14: "root" credential remote code execution. (CVE-2012-1182)
Summary: <net-fs/samba-3.5.14: "root" credential remote code execution. (CVE-2012-1182)
Status: RESOLVED FIXED
Alias: CVE-2012-1182
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal blocker
Assignee: Gentoo Security
URL: http://www.samba.org/samba/security/C...
Whiteboard: B0 [glsa]
Reported: 2012-04-10 17:52 UTC by Chris Shelton
Modified: 2012-06-24 13:05 UTC

Description Chris Shelton 2012-04-10 17:52:16 UTC
Recently announced at http://www.samba.org/samba/security/CVE-2012-1182:
"Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user.  Samba 3.6.4, Samba 3.5.14 and 3.4.16 have been issued as security releases to correct the defect."
...
"As this does not require an authenticated connection it is the most serious vulnerability possible in a program, and users and vendors are encouraged to patch their Samba installations immediately."
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2012-04-10 17:59:31 UTC
Thanks for the bug, Chris, appreciate it.

@samba, from the upstream advisory at $URL:

Additionally, Samba 3.6.4, Samba 3.5.14 and 3.4.16 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at:
Comment 2 Patrick Lauer gentoo-dev 2012-04-11 03:47:57 UTC
+  11 Apr 2012; Patrick Lauer <patrick@gentoo.org> +samba-3.5.14.ebuild,
+  +samba-3.6.4.ebuild:
+  Bump for #411487

Suggest stabling of 3.5.14 as we're still missing keywords on 3.6
Comment 3 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-04-11 03:56:39 UTC
(In reply to comment #2)
> +  11 Apr 2012; Patrick Lauer <patrick@gentoo.org> +samba-3.5.14.ebuild,
> +  +samba-3.6.4.ebuild:
> +  Bump for #411487
> 
> Suggest stabling of 3.5.14 as we're still missing keywords on 3.6

To get things stabilised faster, I agree. This bug has replaced a net-fs/samba-3.6.3 STABLEREQ bug, but as I said, I think 3.5.14 has a chance of being stabilised sooner and for a critical security issue like this, that's important IMO.
Comment 4 Tim Sammut (RETIRED) gentoo-dev 2012-04-11 04:58:00 UTC
Thanks, guys.

Arches, please test and mark stable:
=net-fs/samba-3.5.14
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
Comment 5 Andreas Schürch gentoo-dev 2012-04-11 07:51:04 UTC
x86 stable, thanks.
Comment 6 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-04-11 09:38:39 UTC
Archtested on amd64: Everything looks OK to me
Comment 7 Patrick Lauer gentoo-dev 2012-04-11 12:25:53 UTC
amd64 stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2012-04-11 15:24:57 UTC
Why are keywords missing on 3.6.*? Someone should file a keywording bug for that.

Stable for HPPA.
Comment 9 Víctor Ostorga (RETIRED) gentoo-dev 2012-04-12 15:50:37 UTC
(In reply to comment #8)
> Why are keywords missing on 3.6.*? Someone should file a keywording bug for
> that.
> 
> Stable for HPPA.

sys-libs/ldb, a net-fs/samba DEPEND, must be keyworded first; check bug 377809.

I feel tempted to close that bug and reopen one that includes both sys-libs/ldb and net-fs/samba
Comment 10 Markus Meier gentoo-dev 2012-04-15 16:52:48 UTC
arm stable
Comment 11 Raúl Porcel (RETIRED) gentoo-dev 2012-04-15 18:40:13 UTC
alpha/ia64/s390/sh/sparc stable
Comment 12 Brent Baude (RETIRED) gentoo-dev 2012-04-16 17:06:48 UTC
ppc done
Comment 13 Brent Baude (RETIRED) gentoo-dev 2012-04-17 21:35:31 UTC
ppc64 done
Comment 14 Sean Amoss (RETIRED) gentoo-dev Security 2012-04-17 22:17:01 UTC
Thanks, everyone. GLSA is already drafted and ready for review.
Comment 15 GLSAMaker/CVETool Bot gentoo-dev 2012-04-28 02:16:05 UTC
CVE-2012-1182 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1182):
  The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and
  3.6.x before 3.6.4 does not implement validation of an array length in a
  manner consistent with validation of array memory allocation, which allows
  remote attackers to execute arbitrary code via a crafted RPC call.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 13:05:44 UTC
This issue was resolved and addressed in
 GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml
by GLSA coordinator Sean Amoss (ackle).
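
An added example, not part of this bug report or of Samba's or Gentoo's tooling: a branch-aware check for CVE-2012-1182 built only from the release numbers quoted above (3.0.x to 3.6.3 affected; fixed in 3.4.16, 3.5.14 and 3.6.4). The function names, the `rc`/`pre` suffix handling and the sample inventory are assumptions made for illustration, and a version string cannot reveal a distribution-backported patch.

```python
import re

# Fixed patch level per 3.x branch, as quoted from the upstream advisory above.
FIXED_PATCHLEVEL = {(3, 4): 16, (3, 5): 14, (3, 6): 4}

# x.y.z with an optional pre-release suffix (assumed spellings: rc1, pre1, _rc1).
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:_?(rc|pre)\d*)?")


def parse_version(text):
    """Return (major, minor, patch, is_prerelease) from e.g. 'Version 3.5.13'."""
    m = _VERSION_RE.search(text)
    if m is None:
        raise ValueError(f"no x.y.z version found in {text!r}")
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    return major, minor, patch, m.group(4) is not None


def classify(text):
    """Return 'affected', 'fixed' or 'not-listed' for CVE-2012-1182."""
    major, minor, patch, is_pre = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_PATCHLEVEL:
        fixed = FIXED_PATCHLEVEL[branch]
        # A pre-release of the fixed version predates the security release.
        if patch > fixed or (patch == fixed and not is_pre):
            return "fixed"
        return "affected"
    if (3, 0) <= branch < (3, 4):
        # Affected per the advisory; the report names only patches, no release.
        return "affected"
    return "not-listed"  # outside the range this report makes a statement about


def audit(inventory):
    """Map each host to a verdict; unparsable version strings become 'unknown'."""
    verdicts = {}
    for host, version_text in inventory.items():
        try:
            verdicts[host] = classify(version_text)
        except ValueError:
            verdicts[host] = "unknown"
    return verdicts


# Constructed inventory: host name -> version string as collected from each host.
SAMPLE = {"fs1": "Version 3.5.13", "fs2": "3.6.4-r1", "fs3": "3.0.37",
          "fs4": "3.6.4rc1", "fs5": "4.0.0", "fs6": "smbd not installed"}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host}: {verdict}")
```

Hosts reported as `affected` on a distribution that backports fixes still need the package changelog checked before they are treated as vulnerable.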