
Author Topic: SAMBA, remote code execution vulnerability(root)  (Read 3087 times)

sparomba

  • Level 1 Member
  • Posts: 14
SAMBA, remote code execution vulnerability(root)
« on: April 11, 2012, 04:00:53 AM »

Please fix this ASAP!

Quote from: http://www.samba.org/samba/security/CVE-2012-0870
Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
(smbd) are increasing strictly monotonically.

Therefore a remote code execution vulnerability exists in the smbd service.
A remote attacker could use the vulnerability to launch an exploit over a
network connection.

A fix has been released on samba.org


You have <2 months left to distribute the patches for your NAS systems before the exploit is released to the public.
Quote from: http://www.ngssecure.com/research/research-overview/Vulnerabilities/Patch-Notifications/SambaAndx.aspx
NGS Secure is going to withhold details of this flaw for three months. This three month window will allow users the time needed to apply the patch before the details are released to the general public. This reflects the NGS Secure approach to responsible disclosure.

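The check the quoted advisory says was missing, sketched as an added example (not code from the post or from Samba): walk an SMB1 AndX chain and reject any AndXOffset that does not move strictly forward or that points outside the message. The layout used (32-byte header, command at byte 4, AndXOffset as a little-endian 16-bit offset from the start of the header) follows the SMB1 specification; `andx_chain_ok` and `demo` are hypothetical names and the sample message is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define SMB_HDR_LEN 32    /* fixed SMB1 header; first WordCount byte follows it */
#define SMB_NO_ANDX 0xFF  /* AndXCommand value meaning "no further command" */

/* SMB1 commands whose parameter block starts with an AndX header. */
static int is_andx_cmd(uint8_t c)
{
    return c == 0x24 || c == 0x2D || c == 0x2E || c == 0x2F ||
           c == 0x73 || c == 0x74 || c == 0x75 || c == 0xA2;
}

/* buf points at the SMB header; returns 0 if every AndXOffset moves
 * strictly forward and stays inside the len-byte message, else -1. */
int andx_chain_ok(const uint8_t *buf, size_t len)
{
    if (len < SMB_HDR_LEN + 1) return -1;
    uint8_t cmd = buf[4];               /* first command, from the header */
    size_t off = SMB_HDR_LEN;           /* invariant: off < len */
    while (is_andx_cmd(cmd)) {          /* terminates: off grows every pass */
        /* WordCount(1) AndXCommand(1) AndXReserved(1) AndXOffset(2, LE) */
        if (len - off < 5 || buf[off] < 2) return -1;
        uint8_t next_cmd = buf[off + 1];
        size_t next_off = (size_t)buf[off + 3] | ((size_t)buf[off + 4] << 8);
        if (next_cmd == SMB_NO_ANDX) return 0;
        /* Reject backward, self-referencing and out-of-bounds offsets. */
        if (next_off < off + 5 || next_off >= len) return -1;
        cmd = next_cmd;
        off = next_off;
    }
    return 0;   /* chain ended on a non-AndX command */
}

/* Constructed 128-byte sample: SESSION_SETUP_ANDX at offset 32 chains to a
 * block at 64 whose AndXCommand/AndXOffset are the caller's parameters. */
int demo(uint8_t cmd2, uint16_t off2)
{
    uint8_t m[128] = { 0xFF, 'S', 'M', 'B', 0x73 };
    m[32] = 13; m[33] = 0x75; m[35] = 64;        /* block at 32 -> next at 64 */
    m[64] = 4;  m[65] = cmd2; m[67] = (uint8_t)off2; m[68] = (uint8_t)(off2 >> 8);
    m[96] = 2;  m[97] = SMB_NO_ANDX;             /* terminating block at 96 */
    return andx_chain_ok(m, sizeof m);
}

int main(void)
{
    printf("forward=%d self=%d backward=%d\n", demo(0x75, 96), demo(0x75, 64), demo(0x75, 32));
    return 0;
}
```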