Opened 13 years ago
Closed 12 years ago
#34455 closed defect (fixed)
samba3 @3.2.15_2 request to add CVE-2012-1182 patch
Reported by: | nonstop.server@… | Owned by: | mww@… |
---|---|---|---|
Priority: | High | Milestone: | |
Component: | ports | Version: | |
Keywords: | | Cc: | |
Port: | samba3 | | |
Description
Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows remote code execution as the "root" user.
A patch has been released for all Samba versions due to the seriousness of this vulnerability.
More information concerning this security issue and the released patch can be found here:
- Announcement for CVE-2012-1182
- CVE-ID: CVE-2012-1182
- Download patch for version 3.2.15
Change History (4)
comment:1 Changed 12 years ago by jmroot (Joshua Root)
Cc: | mww@… removed |
---|---|
Owner: | changed from macports-tickets@… to mww@… |
Priority: | Normal → High |
Type: | enhancement → defect |
Version: | 2.0.4 |
comment:2 follow-up: 3 Changed 12 years ago by ryandesign (Ryan Carsten Schmidt)
The samba3 port is at version 3.6.6. Is that version still affected?
comment:3 Changed 12 years ago by nonstop.server@…
Replying to ryandesign@…:
No, there are no outstanding security updates against Samba version 3.6.6.
CVE-2012-1182 has been solved since security release 3.6.4 of Samba.

=============================
Release Notes for Samba 3.6.4
April 10, 2012
=============================

This is a security release in order to address
CVE-2012-1182 ("root" credential remote code execution).

o CVE-2012-1182:
  Samba 3.0.x to 3.6.3 are affected by a vulnerability that allows
  remote code execution as the "root" user.

Changes since 3.6.3:
--------------------

o Stefan Metzmacher <metze@samba.org>
  * BUG 8815: PIDL based autogenerated code allows overwriting beyond of
    allocated array (CVE-2012-1182).

comment:4 Changed 12 years ago by ryandesign (Ryan Carsten Schmidt)
Resolution: | → fixed |
---|---|
Status: | new → closed |