Opened 12 years ago
Closed 12 years ago
#34455 closed defect (fixed)
samba3 @3.2.15_2 request to add CVE-2012-1182 patch
| Reported by: | nonstop.server@… | Owned by: | mww@… |
|---|---|---|---|
| Priority: | High | Milestone: | |
| Component: | ports | Version: | |
| Keywords: | Cc: | ||
| Port: | samba3 |
Description
Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user.
A patch has been released for all Samba versions due to the seriousness of this vulnerability.
More information concerning this security issue and the released patch can be found here:
- Announcement for CVE-2012-1182
- CVE-ID: CVE-2012-1182
- Download patch for version 3.2.15
Change History (4)
comment:1 Changed 12 years ago by jmroot (Joshua Root)
| Cc: | mww@… removed |
|---|---|
| Owner: | changed from macports-tickets@… to mww@… |
| Priority: | Normal → High |
| Type: | enhancement → defect |
| Version: | 2.0.4 |
comment:2 follow-up: 3 Changed 12 years ago by ryandesign (Ryan Carsten Schmidt)
comment:3 Changed 12 years ago by nonstop.server@…
Replying to ryandesign@…:
No, there are no outstanding security updates against Samba version 3.6.6.
CVE-2012-1182 has been solved since security release 3.6.4 of Samba.
=============================
Release Notes for Samba 3.6.4
April 10, 2012
=============================
This is a security release in order to address
CVE-2012-1182 ("root" credential remote code execution).
o CVE-2012-1182:
Samba 3.0.x to 3.6.3 are affected by a
vulnerability that allows remote code
execution as the "root" user.
Changes since 3.6.3:
--------------------
o Stefan Metzmacher <metze@samba.org>
*BUG 8815: PIDL based autogenerated code allows overwriting beyond of
allocated array (CVE-2012-1182).
comment:4 Changed 12 years ago by ryandesign (Ryan Carsten Schmidt)
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Note: See
TracTickets for help on using
tickets.
The samba3 port is at version 3.6.6. Is that version still affected?