
=====================================================================

                             CERT-Renater

                   Information Note No. 2012/VULN091
_____________________________________________________________________

DATE                : 27/02/2012

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Samba versions up to and
                      including 3.4.0.

======================================================================
http://www.samba.org/samba/security/CVE-2012-0870
_______________________________________________________________________

CVE-2012-0870:

===========================================================
== Subject:     Remote code execution vulnerability in smbd
==
== CVE ID#:     CVE-2012-0870
==
== Versions:    Samba pre-3.4.0
==
== Summary:     Ensure AndX offsets are increasing strictly monotonically
==              in pre-3.4 versions
==
===========================================================

===========
Description
===========

Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
(smbd) are increasing strictly monotonically.

Therefore a remote code execution vulnerability exists in the smbd service.
A remote attacker could use the vulnerability to launch an exploit over a
network connection.
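
The check named in the summary can be sketched as a small validator. This is
an added example, not the Samba patch and not code from the advisory. It
assumes the standard SMB1 layout (WordCount, AndXCommand, AndXReserved,
AndXOffset, with the offset counted from the start of the SMB header); the
function names and the sample message are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMB_HDR_LEN 32   /* fixed SMB1 header size */
#define ANDX_NONE   0xFF /* AndXCommand value: no further command */

/* SMB1 commands that carry an AndX block (helper name is hypothetical). */
static int is_andx(uint8_t c)
{
    return c == 0x24 || c == 0x2D || c == 0x2E || c == 0x2F ||
           c == 0x73 || c == 0x74 || c == 0x75 || c == 0xA2;
}

/* Walk the AndX chain of one SMB1 message (buf starts at 0xFF 'S' 'M' 'B').
 * Returns 0 if each AndXOffset is in bounds and strictly greater than the
 * offset of the block that contains it, -1 otherwise. */
int andx_chain_ok(const uint8_t *buf, size_t len)
{
    if (len < SMB_HDR_LEN + 1) return -1;
    size_t pos = SMB_HDR_LEN;        /* offset of the current WordCount byte */
    uint8_t cmd = buf[4];            /* first command comes from the header */
    while (is_andx(cmd)) {
        /* WordCount + AndXCommand + AndXReserved + AndXOffset must fit. */
        if (len - pos < 5 || buf[pos] < 2) return -1;
        uint8_t next_cmd = buf[pos + 1];
        size_t next = (size_t)buf[pos + 3] | ((size_t)buf[pos + 4] << 8);
        if (next_cmd == ANDX_NONE) return 0;
        /* Reject backward, self-referencing and out-of-bounds offsets. */
        if (next <= pos || next >= len) return -1;
        pos = next;                  /* strictly increasing, so the loop ends */
        cmd = next_cmd;
    }
    return 0;
}

/* Constructed sample: two chained AndX blocks, first AndXOffset set to off. */
int demo_chain(uint16_t off)
{
    uint8_t m[64] = { 0xFF, 'S', 'M', 'B', 0x73 };
    m[32] = 2; m[33] = 0x75; m[35] = (uint8_t)(off & 0xFF); m[36] = (uint8_t)(off >> 8);
    m[40] = 2; m[41] = ANDX_NONE;    /* second block really starts at 40 */
    return andx_chain_ok(m, sizeof m);
}

int main(void)
{
    printf("forward=%d self=%d\n", demo_chain(40), demo_chain(32));
    return 0;
}
```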

==========
Workaround
==========

None.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

   http://www.samba.org/samba/security/

As all pre-3.4.0 versions are discontinued at least since August 9, 2011
even for security patches, the patches are provided as an extra service
to our community, users, and vendors.

=======
Credits
=======

The vulnerability was discovered by Andy Davis of NGS Secure¹ and
reported to Research In Motion².

The patches were written by Volker Lendecke of the Samba Team.

==========
References
==========

¹ http://www.ngssecure.com/research/research-overview.aspx
² http://www.blackberry.com/btsc/KB29565


======================================================================

=========================================================
CERT-Renater reference servers
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44          +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41          +
+ 75013 Paris           | email: certsvp@renater.fr     +
=========================================================
