Add link to security bugs in bugzilla

[samba-web.git] / security / CVE-2012-0870.html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<title>Samba - Security Announcement Archive</title>
</head>

<body>

   <H2>CVE-2012-0870:</H2>

<p>
<pre>
===========================================================
== Subject:     Remote code execution vulnerability in smbd
==
== CVE ID#:     CVE-2012-0870
==
== Versions:    Samba pre-3.4.0
==
== Summary:     Ensure AndX offsets are increasing strictly monotonically
==              in pre-3.4 versions
==
===========================================================

===========
Description
===========

Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
(smbd) are increasing strictly monotonically.

Therefore a remote code execution vulnerability exists in the smbd service.
A remote attacker could use the vulnerability to launch an exploit over a
network connection.

==========
Workaround
==========

None.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

As all pre-3.4.0 versions are discontinued at least since August 9, 2011 even
for security patches, the patches are provided as an extra service to our
community, users, and vendors.

=======
Credits
=======

The vulnerability was discovered by Andy Davis of NGS Secure¹ and reported to
Research In Motion².

The patches were written by Volker Lendecke of the Samba Team.

==========
References
==========

¹ http://www.ngssecure.com/research/research-overview.aspx
² http://www.blackberry.com/btsc/KB29565

</pre>
</body>
</html>