=========================================================== == Subject: Remote code execution vulnerability in smbd == == CVE ID#: CVE-2012-0870 == == Versions: Samba pre-3.4.0 == == Summary: Ensure AndX offsets are increasing strictly monotonically == in pre-3.4 versions == =========================================================== =========== Description =========== Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon (smbd) are increasing strictly monotonically. Therefore a remote code execution vulnerability exists in the smbd service. A remote attacker could use the vulnerability to launch an exploit over a network connection. ========== Workaround ========== None. ================== Patch Availability ================== A patch addressing this defect has been posted to http://www.samba.org/samba/security/ As all pre-3.4.0 versions are discontinued at least since August 9, 2011 even for security patches, the patches are provided as an extra service to our community, users, and vendors. ======= Credits ======= The vulnerability was discovered by Andy Davis of NGS Secure¹ and reported to Research In Motion². The patches were written by Volker Lendecke of the Samba Team. ========== References ========== ¹ http://www.ngssecure.com/research/research-overview.aspx ² http://www.blackberry.com/btsc/KB29565