CVE-2012-0870

CVE	CVE-2012-0870
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-02-23 12:33:00 UTC
Updated	2023-02-13 04:32:00 UTC
Description	Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.

Problem Types: CWE-119

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Rim	Blackberry Playbook Os	1.0	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.3	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.5	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.6	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.7	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.7.2942	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.7.3312	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.8.4985	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.8.6067	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.3	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.5	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.6	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.7	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.7.2942	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.7.3312	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.8.4985	All	All	All
Operating System	Rim	Blackberry Playbook Os	1.0.8.6067	All	All	All
Operating System	Rim	Blackberry Playbook Os	All	All	All	All
Hardware	Rim	Blackberry Playbook Tablet	-	All	All	All
Hardware	Rim	Blackberry Playbook Tablet	-	All	All	All
Application	Samba	Samba	3.0.0	All	All	All
Application	Samba	Samba	3.0.0	All	All	All

Reference	Source	Link	Tags
[security-announce] SUSE-SU-2012:0502-1: critical: Security update for S	SUSE	lists.opensuse.org
About Secunia Research \| Flexera	SECUNIA	secunia.com
About Secunia Research \| Flexera	SECUNIA	secunia.com
Security Alerts - Secunia	SECUNIA	secunia.com
[security-announce] SUSE-SU-2012:0338-1: critical: Security update for S	SUSE	lists.opensuse.org
Samba - Security Announcement Archive	MISC	www.samba.org
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
About the security content of OS X Lion v10.7.4 and Security Update 2012-002	CONFIRM	support.apple.com
Bug 795509 – CVE-2012-0870 samba: Any Batched ("AndX") request processing infinite recursion and heap-based buffer overflow	CONFIRM	bugzilla.redhat.com	Patch
APPLE-SA-2012-05-09-1 OS X Lion v10.7.4 and Security Update 2012-002	APPLE	lists.apple.com
btsc.webapps.blackberry.com/btsc/search.do	CONFIRM	btsc.webapps.blackberry.com	Patch, Vendor Advisory
[security-announce] SUSE-SU-2012:0337-1: critical: Security update for S	SUSE	lists.opensuse.org
[security-announce] SUSE-SU-2012:0515-1: critical: Security update for S	SUSE	lists.opensuse.org
Red Hat Customer Portal	MISC	access.redhat.com
Security Alerts - Secunia	SECUNIA	secunia.com
access.redhat.com \| CVE-2012-0870	MISC	access.redhat.com
USN-1374-1: Samba vulnerability \| Ubuntu	UBUNTU	www.ubuntu.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.