CVE-2012-0870:

===========================================================
== Subject:     Remote code execution vulnerability in smbd
==
== CVE ID#:     CVE-2012-0870
==
== Versions:    Samba pre-3.4.0
==
== Summary:     Ensure AndX offsets are increasing strictly monotonically
==              in pre-3.4 versions
==
===========================================================

===========
Description
===========

Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon
(smbd) are increasing strictly monotonically.

Therefore a remote code execution vulnerability exists in the smbd service.
A remote attacker could use the vulnerability to launch an exploit over a
network connection.

==========
Workaround
==========

None.

==================
Patch Availability
==================

A patch addressing this defect has been posted to

  http://www.samba.org/samba/security/

As all pre-3.4.0 versions are discontinued at least since August 9, 2011 even
for security patches, the patches are provided as an extra service to our
community, users, and vendors.

=======
Credits
=======

The vulnerability was discovered by Andy Davis of NGS Secure¹ and reported to
Research In Motion².

The patches were written by Volker Lendecke of the Samba Team.

==========
References
==========

¹ http://www.ngssecure.com/research/research-overview.aspx
² http://www.blackberry.com/btsc/KB29565