Bug 405551 (CVE-2012-0870)

Summary:	<net-fs/samba-3.4.2 : Any Batched Request Handling Buffer Overflow Vulnerability (CVE-2012-0870)
Product:	Gentoo Security	Reporter:	Agostino Sarubbo <ago>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://secunia.com/advisories/48152/
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---

Description Agostino Sarubbo gentoo-dev

2012-02-24 10:33:56 UTC

From secunia security advisory at $URL:

Description:
A vulnerability has been reported in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in process.c when handling Any Batched (AndX) request packets and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 3.4.0.


Solution
Update to version 3.4.0 or later or apply patch.

Comment 1 Agostino Sarubbo gentoo-dev

2012-02-24 10:35:08 UTC

@security:

ok to glsa for it?

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2012-02-24 19:36:23 UTC

(In reply to comment #1)
> @security:
> 
> ok to glsa for it?

Yep. Added to existing GLSA request. Thanks.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2012-02-25 00:49:21 UTC

CVE-2012-0870 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0870):
  Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the
  file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and
  other products, allows remote attackers to cause a denial of service (daemon
  crash) or possibly execute arbitrary code via a Batched (aka AndX) request
  that triggers infinite recursion.

Comment 4 GLSAMaker/CVETool Bot gentoo-dev

2012-06-24 13:05:39 UTC

This issue was resolved and addressed in
 GLSA 201206-22 at http://security.gentoo.org/glsa/glsa-201206-22.xml
by GLSA coordinator Sean Amoss (ackle).