[Bug 978458] Re: CVE-2012-1182: "root" credential remote code execution
Launchpad Bug Tracker
978458 at bugs.launchpad.net
Thu Apr 12 23:38:19 UTC 2012
This bug was fixed in the package samba - 2:3.4.7~dfsg-1ubuntu3.9
---------------
samba (2:3.4.7~dfsg-1ubuntu3.9) lucid-security; urgency=low
* SECURITY UPDATE: Unauthenticated remote code execution via
RPC calls (LP: #978458)
- debian/patches/CVE-2012-1182-1.patch: Fix PIDL compiler to generate code
that uses the same value for array allocation and array length checks.
Based on upstream patch.
- debian/patches/CVE-2012-1182-2.patch: Regenerate PIDL generated files with
the patched PIDL compiler
- CVE-2012-1182
-- Tyler Hicks <tyhicks at canonical.com> Thu, 12 Apr 2012 05:28:44 -0500
** Changed in: samba (Ubuntu Hardy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to samba in Ubuntu.
https://bugs.launchpad.net/bugs/978458
Title:
CVE-2012-1182: "root" credential remote code execution
Status in “samba” package in Ubuntu:
In Progress
Status in “samba” source package in Lucid:
Fix Released
Status in “samba” source package in Natty:
Fix Released
Status in “samba” source package in Oneiric:
Fix Released
Status in “samba” source package in Precise:
In Progress
Status in “samba” source package in Hardy:
Fix Released
Status in “samba” package in CentOS:
Unknown
Status in “samba” package in Debian:
New
Status in “samba” package in Fedora:
Unknown
Bug description:
CVE-2012-1182 was recently made public for a remote, unauthenticated,
root code execution flaw in most samba versions 3.0+:
https://www.samba.org/samba/security/CVE-2012-1182
I believe Ubuntu's packages to be vulnerable. As the CVE is already
public and patches are in the wild, I am flagging this as a security
vulnerability but will un-privatize it shortly.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/samba/+bug/978458/+subscriptions
More information about the foundations-bugs
mailing list