漏洞起因
输入验证错误
影响系统
Samba Samba 3.3.6
Samba Samba 3.3.5
Samba Samba 3.2.13
Samba Samba 3.2.12
Samba Samba 3.2.5
Samba Samba 3.2.4
Samba Samba 3.2.3
Samba Samba 3.2.2
Samba Samba 3.2.1
Samba Samba 3.2
Samba Samba 3.0.35
Samba Samba 3.0.34
Samba Samba 3.0.33
Samba Samba 3.0.32
Samba Samba 3.0.30
+ MandrakeSoft Linux Mandrake 2007.1 x86_64
+ MandrakeSoft Linux Mandrake 2007.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
Samba Samba 3.0.29
Samba Samba 3.0.29
Samba Samba 3.0.28 a
Samba Samba 3.0.28
Samba Samba 3.0.27
Samba Samba 3.0.26
Samba Samba 3.0.25 rc3
Samba Samba 3.0.25 rc2
Samba Samba 3.0.25 rc1
Samba Samba 3.0.25 pre2
Samba Samba 3.0.25 pre1
Samba Samba 3.0.25 c
Samba Samba 3.0.25 b
Samba Samba 3.0.25 a
Samba Samba 3.0.25
Samba Samba 3.0.24
+ MandrakeSoft Linux Mandrake 2007.1 x86_64
+ MandrakeSoft Linux Mandrake 2007.1
+ MandrakeSoft Linux Mandrake 2007.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
Samba Samba 3.0.22
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21
Samba Samba 3.0.20
+ Slackware Linux 10.2
Samba Samba 3.0.14
Samba Samba 3.0.13
Samba Samba 3.0.12
Samba Samba 3.0.11
Samba Samba 3.0.10
+ Slackware Linux 10.1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
Samba Samba 3.0.9
+ OpenPKG OpenPKG Current
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 9.1
Samba Samba 3.0.8
Samba Samba 3.0.7
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1 x86_64
+ MandrakeSoft Linux Mandrake 10.1
+ MandrakeSoft Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0 AMD64
+ MandrakeSoft Linux Mandrake 10.0
+ MandrakeSoft Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0 alpha
Samba Samba 3.0
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.3
Samba Samba 4.0.0tp5
Samba Samba 3.0.27a
Samba Samba 3.0.27
Samba Samba 3.0.26a
Samba Samba 3.0.23d
+ MandrakeSoft Linux Mandrake 2007.0 x86_64
+ MandrakeSoft Linux Mandrake 2007.0
Samba Samba 3.0.23c
+ Slackware Linux 11.0
Samba Samba 3.0.23b
Samba Samba 3.0.23a
+ MandrakeSoft Corporate Server 4.0 x86_64
+ MandrakeSoft Corporate Server 4.0
Samba Samba 3.0.21c
Samba Samba 3.0.21b
Samba Samba 3.0.21a
Samba Samba 3.0.20b
Samba Samba 3.0.20a
Samba Samba 3.0.14a
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
不受影响系统
危害
远程攻击者可以利用漏洞进行拒绝服务或者任意代码执行攻击。
攻击所需条件
攻击者必须访问Samba。
漏洞信息
Samba是一款实现SMB协议、跨平台进行文件共享和打印共享服务的程序。
Samba存在多个安全,远程攻击者可以利用漏洞进行拒绝服务或者任意代码执行攻击。
-"smbd"存在未明错误可导致基于堆的缓冲区溢出。
-当应用程序以"–enable-developer"选项编译时可触发基于堆的缓冲区溢出。
-存在未明漏洞可导致基于堆和栈的缓冲区溢出。
成功利用漏洞需要拥有"admin"组的合法用户名和密码。
Intevydis公司发布的商业漏洞利用工具已经提供相关的攻击信息。目前没有详细漏洞细节提供。
测试方法
厂商解决方案
目前没有解决方案提供:
http://www.samba.org/
漏洞提供者
Intevydis
0 条评论。