cvelistv5 - cve-2012-1182

CVE-2012-1182 (GCVE-0-2012-1182)

Vulnerability from cvelistv5

Published

2012-04-10 21:00

Modified

2024-08-06 18:53

Severity ?

CWE

Summary

The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.

References

URL

Tags

	http://www.mandriva.com/security/advisories?name=MDVSA-2012:055	vendor-advisory, x_refsource_MANDRIVA
	http://www.samba.org/samba/history/samba-3.6.4.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html	vendor-advisory, x_refsource_SUSE
	https://www.samba.org/samba/security/CVE-2012-1182	x_refsource_CONFIRM
	http://secunia.com/advisories/48751	third-party-advisory, x_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html	vendor-advisory, x_refsource_SUSE
	http://www.debian.org/security/2012/dsa-2450	vendor-advisory, x_refsource_DEBIAN
	http://marc.info/?l=bugtraq&m=134323086902585&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/48844	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-1423-1	vendor-advisory, x_refsource_UBUNTU
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html	vendor-advisory, x_refsource_FEDORA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html	vendor-advisory, x_refsource_FEDORA
	http://secunia.com/advisories/48816	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html	vendor-advisory, x_refsource_FEDORA
	http://marc.info/?l=bugtraq&m=133951282306605&w=2	vendor-advisory, x_refsource_HP
	http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html	vendor-advisory, x_refsource_SUSE
	http://secunia.com/advisories/48879	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/48754	third-party-advisory, x_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html	vendor-advisory, x_refsource_FEDORA
	http://www.securitytracker.com/id?1026913	vdb-entry, x_refsource_SECTRACK
	http://secunia.com/advisories/48818	third-party-advisory, x_refsource_SECUNIA
	http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578	x_refsource_CONFIRM
	http://secunia.com/advisories/48999	third-party-advisory, x_refsource_SECUNIA
	http://marc.info/?l=bugtraq&m=133951282306605&w=2	vendor-advisory, x_refsource_HP
	http://support.apple.com/kb/HT5281	x_refsource_CONFIRM
	http://lists.apple.com/archives/security-announce/2012/May/msg00001.html	vendor-advisory, x_refsource_APPLE
	http://marc.info/?l=bugtraq&m=134323086902585&w=2	vendor-advisory, x_refsource_HP
	http://secunia.com/advisories/48873	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:53:36.132Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2012:055",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:055"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.samba.org/samba/history/samba-3.6.4.html"
          },
          {
            "name": "SUSE-SU-2012:0501",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.samba.org/samba/security/CVE-2012-1182"
          },
          {
            "name": "48751",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48751"
          },
          {
            "name": "SUSE-SU-2012:0515",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html"
          },
          {
            "name": "DSA-2450",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2450"
          },
          {
            "name": "HPSBUX02789",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
          },
          {
            "name": "SUSE-SU-2012:0502",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html"
          },
          {
            "name": "48844",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48844"
          },
          {
            "name": "USN-1423-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-1423-1"
          },
          {
            "name": "FEDORA-2012-5793",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html"
          },
          {
            "name": "FEDORA-2012-5805",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html"
          },
          {
            "name": "48816",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48816"
          },
          {
            "name": "FEDORA-2012-5843",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html"
          },
          {
            "name": "HPSBMU02790",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2"
          },
          {
            "name": "SUSE-SU-2012:0504",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html"
          },
          {
            "name": "48879",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48879"
          },
          {
            "name": "48754",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48754"
          },
          {
            "name": "FEDORA-2012-6382",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html"
          },
          {
            "name": "1026913",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1026913"
          },
          {
            "name": "48818",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48818"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
          },
          {
            "name": "48999",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48999"
          },
          {
            "name": "SSRT100872",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT5281"
          },
          {
            "name": "APPLE-SA-2012-05-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
          },
          {
            "name": "SSRT100824",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
          },
          {
            "name": "48873",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/48873"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-17T19:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2012:055",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:055"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.samba.org/samba/history/samba-3.6.4.html"
        },
        {
          "name": "SUSE-SU-2012:0501",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.samba.org/samba/security/CVE-2012-1182"
        },
        {
          "name": "48751",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48751"
        },
        {
          "name": "SUSE-SU-2012:0515",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html"
        },
        {
          "name": "DSA-2450",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2450"
        },
        {
          "name": "HPSBUX02789",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
        },
        {
          "name": "SUSE-SU-2012:0502",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html"
        },
        {
          "name": "48844",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48844"
        },
        {
          "name": "USN-1423-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-1423-1"
        },
        {
          "name": "FEDORA-2012-5793",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html"
        },
        {
          "name": "FEDORA-2012-5805",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html"
        },
        {
          "name": "48816",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48816"
        },
        {
          "name": "FEDORA-2012-5843",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html"
        },
        {
          "name": "HPSBMU02790",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2"
        },
        {
          "name": "SUSE-SU-2012:0504",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html"
        },
        {
          "name": "48879",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48879"
        },
        {
          "name": "48754",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48754"
        },
        {
          "name": "FEDORA-2012-6382",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html"
        },
        {
          "name": "1026913",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1026913"
        },
        {
          "name": "48818",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48818"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
        },
        {
          "name": "48999",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48999"
        },
        {
          "name": "SSRT100872",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT5281"
        },
        {
          "name": "APPLE-SA-2012-05-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
        },
        {
          "name": "SSRT100824",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
        },
        {
          "name": "48873",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/48873"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2012-1182",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDVSA-2012:055",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:055"
            },
            {
              "name": "http://www.samba.org/samba/history/samba-3.6.4.html",
              "refsource": "CONFIRM",
              "url": "http://www.samba.org/samba/history/samba-3.6.4.html"
            },
            {
              "name": "SUSE-SU-2012:0501",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00007.html"
            },
            {
              "name": "https://www.samba.org/samba/security/CVE-2012-1182",
              "refsource": "CONFIRM",
              "url": "https://www.samba.org/samba/security/CVE-2012-1182"
            },
            {
              "name": "48751",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48751"
            },
            {
              "name": "SUSE-SU-2012:0515",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html"
            },
            {
              "name": "DSA-2450",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2450"
            },
            {
              "name": "HPSBUX02789",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
            },
            {
              "name": "SUSE-SU-2012:0502",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html"
            },
            {
              "name": "48844",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48844"
            },
            {
              "name": "USN-1423-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-1423-1"
            },
            {
              "name": "FEDORA-2012-5793",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078726.html"
            },
            {
              "name": "FEDORA-2012-5805",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078836.html"
            },
            {
              "name": "48816",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48816"
            },
            {
              "name": "FEDORA-2012-5843",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078258.html"
            },
            {
              "name": "HPSBMU02790",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2"
            },
            {
              "name": "SUSE-SU-2012:0504",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00009.html"
            },
            {
              "name": "48879",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48879"
            },
            {
              "name": "48754",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48754"
            },
            {
              "name": "FEDORA-2012-6382",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080567.html"
            },
            {
              "name": "1026913",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1026913"
            },
            {
              "name": "48818",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48818"
            },
            {
              "name": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578",
              "refsource": "CONFIRM",
              "url": "http://www.collax.com/produkte/AllinOne-server-for-small-businesses#id2565578"
            },
            {
              "name": "48999",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48999"
            },
            {
              "name": "SSRT100872",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=133951282306605\u0026w=2"
            },
            {
              "name": "http://support.apple.com/kb/HT5281",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT5281"
            },
            {
              "name": "APPLE-SA-2012-05-09-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2012/May/msg00001.html"
            },
            {
              "name": "SSRT100824",
              "refsource": "HP",
              "url": "http://marc.info/?l=bugtraq\u0026m=134323086902585\u0026w=2"
            },
            {
              "name": "48873",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/48873"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2012-1182",
    "datePublished": "2012-04-10T21:00:00.000Z",
    "dateReserved": "2012-02-14T00:00:00.000Z",
    "dateUpdated": "2024-08-06T18:53:36.132Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2012-AVI-272

Vulnerability from certfr_avis

Trente-six vulnérabilités ont été corrigées dans OS X Lion. Il est possible d'exécuter du code arbitraire à distance, d'exécuter du code en local, d'obtenir des données sensibles et d'élever ses privilèges. De nombreuses applications et fonctions sont touchées, toutes sont décrites dans le bulletin Apple référencé dans la section « Documentation ».

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Versions antérieures à OS X Lion v10.7.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT5281 du 09 mai 2012

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eVersions ant\u00e9rieures \u00e0 OS X Lion v10.7.4.\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-1167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1167"
    },
    {
      "name": "CVE-2012-0675",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0675"
    },
    {
      "name": "CVE-2012-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0649"
    },
    {
      "name": "CVE-2012-0661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0661"
    },
    {
      "name": "CVE-2012-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0658"
    },
    {
      "name": "CVE-2011-4815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4815"
    },
    {
      "name": "CVE-2011-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2692"
    },
    {
      "name": "CVE-2011-1944",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1944"
    },
    {
      "name": "CVE-2011-3328",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3328"
    },
    {
      "name": "CVE-2012-0659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0659"
    },
    {
      "name": "CVE-2011-3212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3212"
    },
    {
      "name": "CVE-2011-2834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2834"
    },
    {
      "name": "CVE-2011-2821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2821"
    },
    {
      "name": "CVE-2012-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0657"
    },
    {
      "name": "CVE-2012-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0652"
    },
    {
      "name": "CVE-2011-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1778"
    },
    {
      "name": "CVE-2011-0241",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0241"
    },
    {
      "name": "CVE-2012-0660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0660"
    },
    {
      "name": "CVE-2011-1005",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1005"
    },
    {
      "name": "CVE-2012-0036",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0036"
    },
    {
      "name": "CVE-2012-0662",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0662"
    },
    {
      "name": "CVE-2012-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0655"
    },
    {
      "name": "CVE-2012-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0642"
    },
    {
      "name": "CVE-2011-4566",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4566"
    },
    {
      "name": "CVE-2011-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1777"
    },
    {
      "name": "CVE-2011-4885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4885"
    },
    {
      "name": "CVE-2011-2895",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2895"
    },
    {
      "name": "CVE-2012-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0651"
    },
    {
      "name": "CVE-2011-1004",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-1004"
    },
    {
      "name": "CVE-2012-0830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0830"
    },
    {
      "name": "CVE-2011-3919",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3919"
    },
    {
      "name": "CVE-2012-0656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0656"
    },
    {
      "name": "CVE-2011-3389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-3389"
    },
    {
      "name": "CVE-2012-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1182"
    },
    {
      "name": "CVE-2012-0870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0870"
    },
    {
      "name": "CVE-2012-0654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0654"
    }
  ],
  "initial_release_date": "2012-05-10T00:00:00",
  "last_revision_date": "2012-05-10T00:00:00",
  "links": [],
  "reference": "CERTA-2012-AVI-272",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-10T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Trente-six vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan class=\"textit\"\u003eOS\nX Lion\u003c/span\u003e. Il est possible d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance,\nd\u0027ex\u00e9cuter du code en local, d\u0027obtenir des donn\u00e9es sensibles et d\u0027\u00e9lever\nses privil\u00e8ges. De nombreuses applications et fonctions sont touch\u00e9es,\ntoutes sont d\u00e9crites dans le bulletin \u003cspan class=\"textit\"\u003eApple\u003c/span\u003e\nr\u00e9f\u00e9renc\u00e9 dans la section \u00ab Documentation \u00bb.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OS X Lion",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT5281 du 09 mai 2012",
      "url": "https://support.apple.com/kb/HT5281"
    }
  ]
}

CERTA-2012-AVI-210

Vulnerability from certfr_avis

Une vulnérabilité a été corrigée dans Samba. Cette vulnérabilité est un débordement de tampon de type heap overflow. Elle peut être exploitée au moyen d'un message RPC, sans être authentifié et permet d'exécuter un code arbitraire à distance avec les droits root.

Solution

Les versions 3.6.4, 3.5.14 et 3.4.16 de Samba corrigent ce problème.

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Samba	N/A	Samba 3.4.x jusqu'à la version 3.4.15.
Samba	N/A	Samba 3.6.x jusqu'à la version 3.6.3 ;
Samba	N/A	Samba 3.5.x jusqu'à la version 3.5.13 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Samba du 10 avril 2012	None	vendor-advisory
Bulletin de sécurité Ubuntu USN-1423-1 du 12 avril 2012 :	-	other
Bulletin de sécurité Mandriva MDVSA-2012:055 du 11 avril 2012 :	-	other
Bulletins de sécurité RedHat RHSA-2012:0465-1 et RHSA-2012:0466-1 du 10 avril 2012 :	-	other
Bulletin de sécurité Debian DSA-2450 du 12 avril 2012 :	-	other
Bulletins de sécurité RedHat RHSA-2012:0465-1 et RHSA-2012:0466-1 du 10 avril 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Samba 3.4.x jusqu\u0027\u00e0 la version 3.4.15.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    },
    {
      "description": "Samba 3.6.x jusqu\u0027\u00e0 la version 3.6.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    },
    {
      "description": "Samba 3.5.x jusqu\u0027\u00e0 la version 3.5.13 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Samba",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nLes versions 3.6.4, 3.5.14 et 3.4.16 de Samba corrigent ce probl\u00e8me.\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1182"
    }
  ],
  "initial_release_date": "2012-04-11T00:00:00",
  "last_revision_date": "2012-04-13T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-1423-1 du 12 avril 2012 :",
      "url": "http://www.ubuntu.com/usn/usn-1423-1/"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2012:055 du 11 avril    2012 :",
      "url": "http://www.mandriva.com/fr/support/security/advisories/?name=MDVSA-2012:055"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2012:0465-1 et    RHSA-2012:0466-1 du 10 avril 2012 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2012-0465.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-2450 du 12 avril 2012 :",
      "url": "http://www.debian.org/security/2012/dsa-2450"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 RedHat RHSA-2012:0465-1 et    RHSA-2012:0466-1 du 10 avril 2012 :",
      "url": "https://rhn.redhat.com/errata/RHSA-2012-0466.html"
    }
  ],
  "reference": "CERTA-2012-AVI-210",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-04-11T00:00:00.000000"
    },
    {
      "description": "ajout des r\u00e9f\u00e9rences aux bulletins Mandriva et RedHat.",
      "revision_date": "2012-04-12T00:00:00.000000"
    },
    {
      "description": "pr\u00e9cision sur les versions concern\u00e9es et ajout des r\u00e9f\u00e9rences aux bulletins Debian et Ubuntu.",
      "revision_date": "2012-04-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans Samba. Cette vuln\u00e9rabilit\u00e9 est un\nd\u00e9bordement de tampon de type \u003cspan class=\"textit\"\u003eheap overflow\u003c/span\u003e.\nElle peut \u00eatre exploit\u00e9e au moyen d\u0027un message RPC, sans \u00eatre\nauthentifi\u00e9 et permet d\u0027ex\u00e9cuter un code arbitraire \u00e0 distance avec les\ndroits \u003cspan class=\"textit\"\u003eroot\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Samba",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Samba du 10 avril 2012",
      "url": "https://www.samba.org/samba/security/CVE-2012-1182"
    }
  ]
}

CERTA-2012-AVI-330

Vulnerability from certfr_avis

Une vulnérabilité concernant Samba a été corrigée dans HP Server Automation. Cette vulnérabilité peut être exploitée pour exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
SUSE	N/A	HP Server Automation version 9.1x sur RedHat Linux, Suse Linux et SunOS.
SUSE	N/A	HP Server Automation version 9.0x sur RedHat Linux, Suse Linux et SunOS ;
SUSE	N/A	HP Server Automation version 7.8x sur RedHat Linux, Suse Linux et SunOS ;

References

Title

Publication Time

Tags

Bulletin de sécurité HP c03366886 du 11 juin 2012	None	vendor-advisory
Avis du CERTA concernant la vulnérabilité dans Samba :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "HP Server Automation version 9.1x sur RedHat Linux, Suse Linux et SunOS.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "HP Server Automation version 9.0x sur RedHat Linux, Suse Linux et SunOS ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    },
    {
      "description": "HP Server Automation version 7.8x sur RedHat Linux, Suse Linux et SunOS ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "SUSE",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2012-1182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-1182"
    }
  ],
  "initial_release_date": "2012-06-13T00:00:00",
  "last_revision_date": "2012-06-13T00:00:00",
  "links": [
    {
      "title": "Avis du CERTA concernant la vuln\u00e9rabilit\u00e9 dans      Samba :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2012-AVI-210/CERTA-2012-AVI-210.html"
    }
  ],
  "reference": "CERTA-2012-AVI-330",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 concernant \u003cspan class=\"textit\"\u003eSamba\u003c/span\u003e a \u00e9t\u00e9\ncorrig\u00e9e dans \u003cspan class=\"textit\"\u003eHP Server Automation\u003c/span\u003e. Cette\nvuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e pour ex\u00e9cuter du code arbitraire \u00e0\ndistance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans HP Server Automation",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 HP c03366886 du 11 juin 2012",
      "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03366886"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2012-1182 (GCVE-0-2012-1182)

Vulnerability from cvelistv5

CERTA-2012-AVI-272

Vulnerability from certfr_avis

Solution

CERTA-2012-AVI-210

Vulnerability from certfr_avis

Solution

CERTA-2012-AVI-330

Vulnerability from certfr_avis

Solution

Tags

Sightings

Nomenclature