Vulnerability Description
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Samba | 3.0.0 |
| Rim | Blackberry Playbook Tablet | - |
| Rim | Blackberry Playbook Os | <= 2.0 |
Related Weaknesses (CWE)
References
- http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&exter (Patch, Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
- http://secunia.com/advisories/48116
- http://secunia.com/advisories/48186
- http://secunia.com/advisories/48844
- http://secunia.com/advisories/48879
- http://support.apple.com/kb/HT5281
- http://www.ubuntu.com/usn/USN-1374-1
- https://bugzilla.redhat.com/show_bug.cgi?id=795509 (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/73361
FAQ
What is CVE-2012-0870?
CVE-2012-0870 is a vulnerability with a CVSS score of 7.9 (HIGH). Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cau...
How severe is CVE-2012-0870?
CVE-2012-0870 has been rated HIGH with a CVSS base score of 7.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-0870?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Samba, Rim Blackberry Playbook Tablet, Rim Blackberry Playbook Os.