Red Hat Security Advisory 2013-0515-02 - The openchange packages provide libraries to access Microsoft Exchange servers using native protocols. Evolution-MAPI uses these libraries to integrate the Evolution PIM application with Microsoft Exchange servers. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler. As OpenChange uses code generated by PIDL, this could have resulted in buffer overflows in the way OpenChange handles RPC calls. With this update, the code has been generated with an updated version of PIDL to correct this issue. The openchange packages have been upgraded to upstream version 1.0, which provides a number of bug fixes and enhancements over the previous version, including support for the rebased samba4 packages and several API changes.
5c9dd4885b245ecf8ed98fec1242a39231d294c129bcbb7e1f55c61f932d8dc5
Red Hat Security Advisory 2013-0506-02 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw was found in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls. This could result in code generated by the PIDL compiler to not sufficiently protect against buffer overflows. The samba4 packages have been upgraded to upstream version 4.0.0, which provides a number of bug fixes and enhancements over the previous version. In particular, improved interoperability with Active Directory domains. SSSD now uses the libndr-krb5pac library to parse the Privilege Attribute Certificate issued by an AD Key Distribution Center .
b4f586366b5141c1d1a1fbcbba40b5840262fafcced1a44a41f7ab8f27a62fcb
This Metasploit module triggers a vulnerability in the LSA RPC service of the Samba daemon because of an error on the PIDL auto-generated code. Making a specially crafted call to SetInformationPolicy to set a PolicyAuditEventsInformation allows to trigger a heap overflow and finally execute arbitrary code with root privileges. The module uses brute force to guess the system() address and redirect flow there in order to bypass NX. The start and stop addresses for brute forcing have been calculated empirically. On the other hand the module provides the StartBrute and StopBrute which allow the user to configure his own addresses.
9949872fc1ebdc3a22c30908a1250ac0f492dd32e5fa7cdf09b5146958389629
HP Security Bulletin HPSBUX02789 SSRT100824 3 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or elevate privileges. Revision 3 of this advisory.
ede63ffb5a2f14c0429fc9a03eebbb53fb85c803709c1fe088d7af87e5a33b45
Gentoo Linux Security Advisory 201206-22 - Multiple vulnerabilities have been found in Samba, the worst of which may allow execution of arbitrary code with root privileges. Versions less than 3.5.15 are affected.
3a8fd8a24a3985683e4babf848739763a038475b7f8effd578be0119268b2f7f
HP Security Bulletin HPSBUX02789 SSRT100824 - Potential security vulnerabilities have been identified with HP-UX CIFS-Server (Samba). The vulnerabilities could be exploited remotely to execute arbitrary code or elevate privileges. Revision 1 of this advisory.
18a75793c99460c649e856173de1d4e2b746ae5d8223c6908af7703f3b5ab684
HP Security Bulletin HPSBMU02790 SSRT100872 - A potential security vulnerability has been identified with HP Server Automation for Linux and SunOS. This vulnerability could by exploited remotely resulting in the execution of arbitrary code. The vulnerability is in Samba which is used in HP Server Automation. Revision 1 of this advisory.
af0e7a4c6db8639f20483e55e8c75872cc1c7d21031f9c997e53b454ff867b65
Ubuntu Security Notice 1423-1 - Brian Gorenc discovered that Samba incorrectly calculated array bounds when handling remote procedure calls (RPC) over the network. A remote, unauthenticated attacker could exploit this to execute arbitrary code as the root user.
704df03b3052c8f11de9921496d8a6951e3b0ae29b75bbbae2c06a4435a51f7a
Red Hat Security Advisory 2012-0478-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
18abb32cf9211542fd5a4c9fa789e88cd4d5530dd19accafd5056d840cd3a798
Debian Linux Security Advisory 2450-1 - It was discovered that Samba, the SMB/CIFS file, print, and login server, contained a flaw in the remote procedure call (RPC) code which allowed remote code execution as the super user from an unauthenticated connection.
e046a9837a078cecc89818dd89c20058b986e8358ee2ed27ad3347a2b66377bc
Mandriva Linux Security Advisory 2012-055 - The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call. The updated packages have been patched to correct this issue.
676cd5caa1a00ec6655d780e2a43329e69c8af366edce0bac72c298a8f52bb1d
Red Hat Security Advisory 2012-0466-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
ac3d0a5cf4ad166161f6d299cf8b70631e442e80e31a75c43f97926eb4e060f3
Red Hat Security Advisory 2012-0465-01 - Samba is an open-source implementation of the Server Message Block or Common Internet File System protocol, which allows PC-compatible machines to share files, printers, and other information. A flaw in the Samba suite's Perl-based DCE/RPC IDL compiler, used to generate code to handle RPC calls, resulted in multiple buffer overflows in Samba. A remote, unauthenticated attacker could send a specially-crafted RPC request that would cause the Samba daemon to crash or, possibly, execute arbitrary code with the privileges of the root user.
5a04569b6919bd0a20fe7431a7493f6484a21e57dfa7115a5e0ef655365f0b8d