Samba 'AndX' Request Heap-Based Buffer Overflow

Critical Nessus Plugin ID 58327

Synopsis

The remote Samba service is vulnerable to a heap overflow attack.

Description

The remote Samba install is prone to a heap-based buffer overflow attack.

An attacker can exploit this issue to execute arbitrary code with the privileges of the application. Failed exploit attempts will result in a denial of service condition.

Solution

Apply patches from the vendor.

See Also

https://www.samba.org/samba/security/CVE-2012-0870.html

https://www.samba.org/samba/history/security.html

Plugin Details

Severity: Critical

ID: 58327

File Name: samba_andx_heap_overflow.nbin

Version: 1.102

Type: remote

Family: Misc.

Published: 2012/03/13

Updated: 2019/07/17

Dependencies: 10785, 11153

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:samba:samba

Required KB Items: SMB/NativeLanManager, SMB/samba

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2012/02/21

Vulnerability Publication Date: 2012/02/21

Reference Information

CVE: CVE-2012-0870

BID: 52103