漏洞信息详情

Samba nmbd_packets.c NetBIOS回复栈溢出漏洞

漏洞简介

Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。

Samba的nmbd/nmbd_packets.c文件中的reply_netbios_packet()函数在发送NetBIOS回复时存在栈溢出漏洞,远程攻击者可能利用此漏洞控制服务器。

如果客户端发送了多个特制的WINS "Name Registration"请求并跟随有WINS "Name Query"请求的话,就可以触发这个溢出,导致执行任意指令。但利用这个漏洞要求将Samba配置为用作WINS服务器,也就是启用了wins支持选项。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

https://www.redhat.com/support/errata/RHSA-2007-1017.html

https://www.redhat.com/support/errata/RHSA-2007-1016.html

https://www.redhat.com/support/errata/RHSA-2007-1013.html

http://us1.samba.org/samba/ftp/stable/samba-3.0.27.tar.gz

参考网址

来源: US-CERT

名称: TA07-352A

链接:http://www.us-cert.gov/cas/techalerts/TA07-352A.html

来源: FEDORA

名称: FEDORA-2007-3402

链接:https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00472.html

来源: issues.rpath.com

链接:https://issues.rpath.com/browse/RPL-1894

来源: XF

名称: samba-replynetbiospacket-bo(38502)

链接:http://xforce.iss.net/xforce/xfdb/38502

来源: HP

名称: HPSBUX02341

链接:http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

来源: HP

名称: HPSBUX02341

链接:http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01475657

来源: www.vmware.com

链接:http://www.vmware.com/security/advisories/VMSA-2008-0001.html

来源: UBUNTU

名称: USN-544-1

链接:http://www.ubuntulinux.org/support/documentation/usn/usn-544-1

来源: BID

名称: 26455

链接:http://www.securityfocus.com/bid/26455

来源: BUGTRAQ

名称: 20080123 UPDATED VMSA-2008-0001.1 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

链接:http://www.securityfocus.com/archive/1/archive/1/486859/100/0/threaded

来源: BUGTRAQ

名称: 20080108 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages

链接:http://www.securityfocus.com/archive/1/archive/1/485936/100/0/threaded

来源: BUGTRAQ

名称: 20071115 Secunia Research: Samba "reply_netbios_packet()" Buffer OverflowVulnerability

链接:http://www.securityfocus.com/archive/1/archive/1/483744/100/0/threaded

来源: REDHAT

名称: RHSA-2007:1017

链接:http://www.redhat.com/support/errata/RHSA-2007-1017.html

来源: REDHAT

名称: RHSA-2007:1016

链接:http://www.redhat.com/support/errata/RHSA-2007-1016.html

来源: REDHAT

名称: RHSA-2007:1013

链接:http://www.redhat.com/support/errata/RHSA-2007-1013.html

来源: SUSE

名称: SUSE-SA:2007:065

链接:http://www.novell.com/linux/security/advisories/2007_65_samba.html

来源: MANDRIVA

名称: MDKSA-2007:224

链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:224

来源: GENTOO

名称: GLSA-200711-29

链接:http://www.gentoo.org/security/en/glsa/glsa-200711-29.xml

来源: VUPEN

名称: ADV-2008-1908

链接:http://www.frsirt.com/english/advisories/2008/1908

来源: VUPEN

名称: ADV-2007-4238

链接:http://www.frsirt.com/english/advisories/2007/4238

来源: VUPEN

名称: ADV-2007-3869

链接:http://www.frsirt.com/english/advisories/2007/3869

来源: DEBIAN

名称: DSA-1409

链接:http://www.debian.org/security/2007/dsa-1409

来源: us1.samba.org

链接:http://us1.samba.org/samba/security/CVE-2007-5398.html

来源: SUNALERT

名称: 237764

链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-237764-1

来源: SLACKWARE

名称: SSA:2007-320-01

链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739

来源: SECTRACK

名称: 1018953

链接:http://securitytracker.com/id?1018953

来源: SREASON

名称: 3372

链接:http://securityreason.com/securityalert/3372

来源: MISC

链接:http://secunia.com/secunia_research/2007-90/advisory/

来源: SECUNIA

名称: 30835

链接:http://secunia.com/advisories/30835

来源: SECUNIA

名称: 28368

链接:http://secunia.com/advisories/28368

来源: SECUNIA

名称: 28136

链接:http://secunia.com/advisories/28136

来源: SECUNIA

名称: 27927

链接:http://secunia.com/advisories/27927

来源: SECUNIA

名称: 27787

链接:http://secunia.com/advisories/27787

来源: SECUNIA

名称: 27742

链接:http://secunia.com/advisories/27742

来源: SECUNIA

名称: 27731

链接:http://secunia.com/advisories/27731

来源: SECUNIA

名称: 27720

链接:http://secunia.com/advisories/27720

来源: SECUNIA

名称: 27701

链接:http://secunia.com/advisories/27701

来源: SECUNIA

名称: 27691

链接:http://secunia.com/advisories/27691

来源: SECUNIA

名称: 27682

链接:http://secunia.com/advisories/27682

来源: SECUNIA

名称: 27679

链接:http://secunia.com/advisories/27679

来源: SECUNIA

名称: 27450

链接:http://secunia.com/advisories/27450

来源: OVAL

名称: oval:org.mitre.oval:def:5811

链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5811

来源: MLIST

名称: [Security-announce] 20080107 VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and u

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多