Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-1182 — Samba RCE via RPC

Disclosure Date: April 10, 2012
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

Successful exploitation of this vulnerability allows remote code execution as the “root” user from an anonymous connection.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

References

Advisory

Additional Info

Technical Analysis