Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 405551 (CVE-2012-0870) - <net-fs/samba-3.4.2 : Any Batched Request Handling Buffer Overflow Vulnerability (CVE-2012-0870)
Summary: <net-fs/samba-3.4.2 : Any Batched Request Handling Buffer Overflow Vulnerabil...
Alias: CVE-2012-0870
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on:
Reported: 2012-02-24 10:33 UTC by Agostino Sarubbo
Modified: 2012-06-24 13:05 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-02-24 10:33:56 UTC
From secunia security advisory at $URL:

A vulnerability has been reported in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in process.c when handling Any Batched (AndX) request packets and can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 3.4.0.

Update to version 3.4.0 or later or apply patch.
Comment 1 Agostino Sarubbo gentoo-dev 2012-02-24 10:35:08 UTC

ok to glsa for it?
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-02-24 19:36:23 UTC
(In reply to comment #1)
> @security:
> ok to glsa for it?

Yep. Added to existing GLSA request. Thanks.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-02-25 00:49:21 UTC
CVE-2012-0870 (
  Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the
  file-sharing service on the BlackBerry PlayBook tablet before and
  other products, allows remote attackers to cause a denial of service (daemon
  crash) or possibly execute arbitrary code via a Batched (aka AndX) request
  that triggers infinite recursion.
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2012-06-24 13:05:39 UTC
This issue was resolved and addressed in
 GLSA 201206-22 at
by GLSA coordinator Sean Amoss (ackle).