Mandriva Update For Samba MDVSA-2012:055 (samba) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability has been found and corrected in samba: The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call (CVE-2012-1182). The updated packages have been patched to correct this issue.

Affected

samba on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2, Mandriva Linux 2010.1

Severity

Classification

CVE CVE-2012-1182

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:093 (mpg123)
Mandrake Security Advisory MDVSA-2009:149 (apache)
Mandrake Security Advisory MDVSA-2009:144 (ghostscript)
Mandrake Security Advisory MDVSA-2009:060-1 (nfs-utils)
Mandrake Security Advisory MDVSA-2009:012 (mozilla-thunderbird)

Mandriva Update for samba MDVSA-2012:055 (samba)

Take action and discover your vulnerabilities