CVE-2012-0870

Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.

公開: 2012-02-23 最後更新: 2026-06-16 指派方: [email protected] 來源: [email protected]

結論預警: CVE-2012-0870 綜合評估為中等風險(64/100):CVSS 技術影響為高級,利用機率偏高(EPSS 6.50%,百分位 93%) 核心證據: EPSS 顯示該漏洞近期被利用的可能性處於高位。 強制指令: 被利用機率偏高—請盤點暴露面並優先安排修補。

風險隨態勢動態變化;本站持續評估並同步更新本頁展示內容。

CVE-2012-0870 的 EPSS(利用預測評分)

EPSS 日更估計相對被利用可能性;百分位表示該 CVE 在已評分漏洞中的相對排名(越高表示相對更嚴重)。

# 日期 舊 EPSS 分數 新 EPSS 分數 變化(新 − 舊)
1 2026-06-28 6.57% 6.50% -0.07%
2 2026-06-15 46.88% 6.57% -40.30%
3 2026-03-30 46.88%

完整 EPSS 歷史 (共 21 筆)

CVE-2012-0870 的 CVSS 指標

該 CVE 的 CVSS 指標。

底座分 版本 嚴重度 向量 可利用性 影響 分數來源
7.9 2.0 HIGH
AV:A/AC:M/Au:N/C:C/I:C/A:C 點擊展開
存取路徑 (AV:A)
需先位於與目標二層/三層相鄰的網段,再橫向推進。
存取複雜度 (AC:M)
需要若干有利條件,但不必「千年一遇」。
認證 (AU:N)
全程無需有效身分。
機密性影響 (C:C)
機密性被完全破壞。
完整性影響 (I:C)
完整性被完全破壞。
可用性影響 (A:C)
可用性被完全破壞。
5.5 10.0 [email protected]

CVE-2012-0870 的弱點列舉

CVE-2012-0870 的 OS 追蹤

vendor priority summary link
debian not yet assigned CVE-2012-0870 not yet assigned priority: Debian including 1 source packages (samba), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5. https://security-tracker.debian.org/tracker/CVE-2012-0870
gentoo high CVE-2012-0870: 1 GLSA(s) (201206-22), 1 atom(s) (net-fs/samba); latest impact high. https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2012-0870
redhat critical https://access.redhat.com/security/cve/CVE-2012-0870
suse high CVE-2012-0870 severity important: SUSE including 626 source package names (ctdb-4.10.5+git.129.35f7bb6e177-1.1, ctdb-4.22.3+git.401.c70158430cc-160000.2.2, …), 1015 product×package rows across 33 product lines (SUSE Linux Enterprise Desktop 11 SP2, SUSE Linux Enterprise Desktop 12, … (33 product lines)): Fixed 1015. https://www.suse.com/security/cve/CVE-2012-0870/
ubuntu high CVE-2012-0870 high priority: Ubuntu including 1 source packages (samba), 6 status rows across 6 suites (hardy, lucid, maverick, natty, oneiric, upstream): not-affected 4, released 2. https://ubuntu.com/security/CVE-2012-0870

CVE-2012-0870 的影響軟體 / 設定

廠商 產品 版本 原始 CPE
samba samba 3.0.0 cpe:2.3:a:samba:samba:3.0.0:*:*:*:*:*:*:*
rim blackberry_playbook_tablet cpe:2.3:h:rim:blackberry_playbook_tablet:-:*:*:*:*:*:*:*
rim blackberry_playbook_os <= 2.0 cpe:2.3:o:rim:blackberry_playbook_os:*:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0 cpe:2.3:o:rim:blackberry_playbook_os:1.0:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.3 cpe:2.3:o:rim:blackberry_playbook_os:1.0.3:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.5 cpe:2.3:o:rim:blackberry_playbook_os:1.0.5:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.6 cpe:2.3:o:rim:blackberry_playbook_os:1.0.6:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.7 cpe:2.3:o:rim:blackberry_playbook_os:1.0.7:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.7.2942 cpe:2.3:o:rim:blackberry_playbook_os:1.0.7.2942:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.7.3312 cpe:2.3:o:rim:blackberry_playbook_os:1.0.7.3312:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.8.4985 cpe:2.3:o:rim:blackberry_playbook_os:1.0.8.4985:*:*:*:*:*:*:*
rim blackberry_playbook_os 1.0.8.6067 cpe:2.3:o:rim:blackberry_playbook_os:1.0.8.6067:*:*:*:*:*:*:*

CVE-2012-0870 的參考連結

URL 標籤
http://btsc.webapps.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB29565 Patch Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00009.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00014.html
http://secunia.com/advisories/48116
http://secunia.com/advisories/48186
http://secunia.com/advisories/48844
http://secunia.com/advisories/48879
http://support.apple.com/kb/HT5281
http://www.ubuntu.com/usn/USN-1374-1
https://bugzilla.redhat.com/show_bug.cgi?id=795509 Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/73361
cvelogic Threat Intelligence