Reference: CERT-EU Security Advisory 2012-0023

Title: Remote code execution vulnerability in smbd [1]

Version history:
27.02.2012 Initial publication

Summary
=======
An input validation flaw in Samba could allow a remote attacker to execute
arbitrary code with the privileges of the Samba server (root).

CVE-2012-0870

Severity Level: CVSS2 Base 10 (CRITICAL) (AV:N/AC:L/Au:N/C:C/I:C/A:C) [2]

Potential impact
================
Remote code execution -> Root compromise

Vulnerable Systems
==================
Samba pre-3.4.0

What can you do?
================
Updates are available from the Samba team [1].
Red Hat has also issued updated packages [3].
Other Linux distributions can be expected to issue updates as well.

What to tell your users?
========================
N/A

More information
================
[1] Samba security advisory
    http://www.samba.org/samba/security/CVE-2012-0870.html
[2] More information about CVSS is available at:
    http://www.first.org/cvss/cvss-guide.html
[3] Red Hat Security Advisory
    https://rhn.redhat.com/errata/RHSA-2012-0332.html

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its
setup phase, until May 2012. Services are provided in a pilot fashion, and are
not yet fully functional. Announcements, alerts and warnings are sent out in
best effort manner, and to contact information currently known to us. We
apologise if you are not the correct recipient, or if you had already been
warned about this issue from another source. Format, content and way of
alerting are subject to change in the future. Contact information or even the
team name may change as well.)