Oracle Solaris Third-Party Patch Update : samba (cve_2012_1182_arbitrary_code)
Critical Nessus Plugin ID 80762
Synopsis
The remote Solaris system is missing a security patch for third-party software.
Description
The remote Solaris system is missing the patches needed to address the following security issue:
- The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. (CVE-2012-1182)
Solution
Upgrade to Solaris 11/11 SRU 7.5.