A vulnerability has been reported in Samba, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error within the Network Data Representation (NDR) marshalling functionality when handling PULL EVENTLOG ReportEventAndSourceW requests and can be exploited to cause a heap-based buffer overflow via a specially crafted remote procedure call.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions 3.0.x through 3.6.3.

Solution
Apply patch or update to version 3.6.4, 3.5.14, or 3.4.16.
Further details available to Secunia VIM customers

Provided and/or discovered by
Brian Gorenc, HP DVLabs and an anonymous person via ZDI.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Samba:
http://www.samba.org/samba/security/CVE-2012-1182

DVLabs:
http://dvlabs.tippingpoint.com/advisory/TPTI-12-04

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-12-061/
http://www.zerodayinitiative.com/advisories/ZDI-12-062/
http://www.zerodayinitiative.com/advisories/ZDI-12-063/
http://www.zerodayinitiative.com/advisories/ZDI-12-064/
http://www.zerodayinitiative.com/advisories/ZDI-12-068/
http://www.zerodayinitiative.com/advisories/ZDI-12-069/
http://www.zerodayinitiative.com/advisories/ZDI-12-070/
http://www.zerodayinitiative.com/advisories/ZDI-12-071/
http://www.zerodayinitiative.com/advisories/ZDI-12-072/

Deep Links
Links available to Secunia VIM customers