Samba Heap Overflow Vulnerability (CVE-2012-1182) Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

Samba Heap Overflow Vulnerability (CVE-2012-1182) Scanner Detail

Checks if target machines are vulnerable to the Samba heap overflow vulnerability CVE-2012-1182.

Samba versions 3.6.3 and all versions previous to this are affected by a vulnerability that allows remote code execution as the "root" user from an anonymous connection.

CVE-2012-1182 marks multiple heap overflow vulnerabilities located in PIDL based autogenerated code. This check script is based on PoC by ZDI marked as ZDI-CAN-1503. Vulnerability lies in ndr_pull_lsa_SidArray function where an attacker is under control of num_sids and can cause insufficient memory to be allocated, leading to heap buffer overflow and possibility of remote code execution.

Script builds a malicious packet and makes a SAMR GetAliasMembership call which triggers the vulnerability. On the vulnerable system, connection is dropped and result is "Failed to receive bytes after 5 attempts". On patched system, samba throws an error and result is "MSRPC call returned a fault (packet type)".

References:

 

Some Advice for Common Problems

Patches addressing this issue have been posted to:
http://www.samba.org/samba/security/

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service