CVE-2004-0686
CVSS 5.0
Published: 2004-07-27 00:00:00
Revised: 2016-10-17 22:47:51

[Original] Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.


[CNNVD] Samba Filename Mangling Method Buffer Overflow Vulnerability (CNNVD-200407-049)

        Samba versions 2.2.x through 2.2.9 and 3.0.0 through 3.0.4 contain a buffer overflow vulnerability. When the "mangling method = hash" option is enabled in smb.conf, it has unknown impact and attack vectors.

- CVSS (Base Score)

CVSS Score: 5 [MEDIUM]
Confidentiality Impact: [--]
Integrity Impact: [--]
Availability Impact: [--]
Access Complexity: [--]
Access Vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:samba:samba:3.0.4    Samba 3.0.4
cpe:/a:samba:samba:3.0.3    Samba 3.0.3
cpe:/a:samba:samba:3.0.2    Samba 3.0.2
cpe:/o:trustix:secure_linux:1.5    Trustix Secure Linux 1.5
cpe:/a:samba:samba:3.0.1    Samba 3.0.1
cpe:/a:samba:samba:3.0.0    Samba 3.0.0
cpe:/a:samba:samba:3.0.2a    Samba 3.0.2a
cpe:/a:samba:samba:3.0    Samba 3.0
cpe:/o:trustix:secure_linux:2.1    Trustix Secure Linux 2.1
cpe:/o:trustix:secure_linux:2.0    Trustix Secure Linux 2.0

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10461    Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown im...
*OVAL describes in detail how this vulnerability is detected; further technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0686
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0686
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200407-049
(Official data source) CNNVD

- Other Links and Resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851
(UNKNOWN)  CONECTIVA  CLA-2004:851
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854
(UNKNOWN)  CONECTIVA  CLA-2004:854
http://marc.info/?l=bugtraq&m=109051340810458&w=2
(UNKNOWN)  BUGTRAQ  20040722 Security Release - Samba 3.0.5 and 2.2.10
http://marc.info/?l=bugtraq&m=109051533021376&w=2
(UNKNOWN)  BUGTRAQ  20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)
http://marc.info/?l=bugtraq&m=109052891507263&w=2
(UNKNOWN)  BUGTRAQ  20040722 TSSA-2004-014 - samba
http://marc.info/?l=bugtraq&m=109094272328981&w=2
(UNKNOWN)  HP  SSRT4782
http://marc.info/?l=bugtraq&m=109785827607823&w=2
(UNKNOWN)  FEDORA  FLSA:2102
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
(UNKNOWN)  SUNALERT  101584
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
(UNKNOWN)  SUNALERT  57664
http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
(UNKNOWN)  GENTOO  GLSA-200407-21
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071
(UNKNOWN)  MANDRAKE  MDKSA-2004:071
http://www.novell.com/linux/security/advisories/2004_22_samba.html
(UNKNOWN)  SUSE  SUSE-SA:2004:022
http://www.redhat.com/support/errata/RHSA-2004-259.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:259
http://www.trustix.org/errata/2004/0039/
(UNKNOWN)  TRUSTIX  2004-0039
http://xforce.iss.net/xforce/xfdb/16786
(VENDOR_ADVISORY)  XF  samba-mangling-method-bo(16786)

- Vulnerability Information

Samba Filename Mangling Method Buffer Overflow Vulnerability
Medium severity    Buffer overflow
Published: 2004-07-27 00:00:00    Updated: 2005-10-20 00:00:00
Remote
        Samba versions 2.2.x through 2.2.9 and 3.0.0 through 3.0.4 contain a buffer overflow vulnerability. When the "mangling method = hash" option is enabled in smb.conf, it has unknown impact and attack vectors.


- Vulnerability Information (F33848)

sambaOverruns.txt (PacketStormID:F33848)
2004-07-22 00:00:00
advisory,web,overflow
CVE-2004-0600,CVE-2004-0686

Samba versions greater than or equal to 2.2.29 and 3.0.0 have a buffer overrun in the code used to support the "mangling method = hash" smb.conf option. Versions 3.0.2 and later suffer from a buffer overrun in an internal routine used to decode base64 data during HTTP basic authentication.

Summary:       Potential Buffer Overruns in Samba 3.0 and Samba 2.2
CVE ID:        CAN-2004-0600, CAN-2004-0686
               (http://cve.mitre.org/)

-------------
CAN-2004-0600
-------------

Affected Versions:      >= v3.0.2

The internal routine used by the Samba Web Administration
Tool (SWAT v3.0.2 and later) to decode the base64 data
during HTTP basic authentication is subject to a buffer
overrun caused by an invalid base64 character.  It is
recommended that all Samba v3.0.2 or later installations
running SWAT either (a) upgrade to v3.0.5, or (b) disable
the swat administration service as a temporary workaround.

This same code is used internally to decode the
sambaMungedDial attribute value when using the ldapsam
passdb backend. While we do not believe that the base64
decoding routines used by the ldapsam passdb backend can
be exploited, sites using an LDAP directory service with
Samba are strongly encouraged to verify that the DIT only
allows write access to sambaSamAccount attributes by a
sufficiently authorized user.

The Samba Team would like to heartily thank Evgeny Demidov
for analyzing and reporting this bug.


-------------
CAN-2004-0686
-------------

Affected Versions:      >= v2.2.9, >= v3.0.0


A buffer overrun has been located in the code used to support
the 'mangling method = hash' smb.conf option.  Please be aware
that the default setting for this parameter in Samba 3 is
'mangling method = hash2' and therefore not vulnerable.

Affected Samba installations can avoid this possible security
bug by using the hash2 mangling method.  Server installations
requiring the hash mangling method are encouraged to upgrade
to Samba 3.0.5 (or 2.2.10).

               --------------------------------------


Samba 3.0.5 and 2.2.10 are identical to the previous release
in each respective series with the exception of fixing these
issues. Samba 3.0.5rc1 has been removed from the download area
on Samba.org and 3.0.6rc2 will be available later this week.


The source code can be downloaded from :

   http://download.samba.org/samba/ftp/

The uncompressed tarball and patch file have been signed
using GnuPG.  The Samba public key is available at

   http://download.samba.org/samba/ftp/samba-pubkey.asc

Binary packages are available at

   http://download.samba.org/samba/ftp/Binary_Packages/

The release notes are also available on-line at

   http://www.samba.org/samba/whatsnew/samba-3.0.5.html
   http://www.samba.org/samba/whatsnew/samba-2.2.10.html

Our code, Our bugs, Our responsibility.
(Samba Bugzilla -- https://bugzilla.samba.org/)


                                   -- The Samba Team


- Vulnerability Information

8191
Samba Mangling Method Hash Overflow
Location Unknown Input Manipulation
Loss of Integrity, Impact Unknown
Exploit Unknown

- Vulnerability Description

Samba contains a flaw related to the "mangling method = hash" option that may allow an attacker to cause a buffer overflow. No further details have been provided.

- Timeline

2004-07-22 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.0.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Samba Filename Mangling Method Buffer Overrun Vulnerability
Class: Boundary Condition Error    Bugtraq ID: 10781
Remote: Yes    Local: No
Published: 2004-07-22 12:00:00    Updated: 2009-07-12 06:16:00
This vulnerability was announced by the vendor.

- Affected Program Versions

Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Sun Solaris 9_x86
Sun Solaris 9
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0 alpha
Samba Samba 3.0
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.3
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 2.1
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.11
HP HP-UX B.11.00
HP CIFS/9000 Server A.01.11.01
Conectiva Linux 9.0
Conectiva Linux 8.0
Conectiva Linux 3.0
Samba Samba 3.0.5

- Unaffected Program Versions

Samba Samba 3.0.5

- Vulnerability Discussion

Samba is reported prone to an undisclosed buffer overrun vulnerability. The buffer overrun is reported to exist when Samba handles file name mangling with the "hash" method.

It is conjectured that this vulnerability may present itself when the affected server handles a filename that is sufficient to trigger the vulnerability. To exploit this vulnerability, an attacker may require sufficient access so that they may write a file to a published samba share.

It is reported that the vulnerability does not exist in default Samba configurations; by default, Samba is configured to employ "hash2" name mangling. The "hash2" method is not vulnerable.

This vulnerability is reported to affect Samba version 3.0.0 and later.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Conectiva has released advisory CLA-2004:854 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.

Red Hat has released advisory RHSA-2004:404-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

OpenPKG has released an advisory (OpenPKG-SA-2004.033) dealing with this issue. Please see the referenced advisory for more information.

Conectiva Linux has released advisory CLA-2004:851 dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:259-23 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Tinysofa Linux has released advisory TSSA-2004-014 dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released advisory SUSE-SA:2004:022 along with fixes dealing with this issue. Please see the referenced vendor advisory for more information.

Mandrake has released advisory MDKSA-2004:071 dealing with this issue. Please see the referenced advisory for more information.

Netwosix Linux has released advisory LNSA-#2004-0015 along with an upgrade dealing with this issue. Please see the referenced advisory for more information.

Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information.

HP has released an advisory (HPSBUX01062 - SSRT4782, revision 0) dealing with this issue. Although no resolution has been provided, they recommend that users set the "mangling method = hash2" or "mangled names = no" in smb.conf to temporarily resolve the issue. Please see the referenced advisory for more information.
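The HP workaround above (and the Samba advisory's note that the hash2 default is not affected) can be checked mechanically against a server's smb.conf. The following is an added example, not code from the page or from Samba; it assumes only the smb.conf syntax and the documented Samba defaults (mangling method = hash2, mangled names = yes), and the sample configuration is constructed:

```python
# Added example (not from the page or from Samba): audit an smb.conf for the
# CVE-2004-0686 precondition, i.e. global "mangling method = hash" combined
# with 8.3 name mangling still enabled on at least one share.
import re
from typing import Dict, List, Optional

# Constructed sample smb.conf (not a real deployment).
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   mangling method = hash
[public]
   path = /srv/public
   mangled names = no
[homes]
   path = /home/%S
"""

Section = Dict[str, str]

def parse_smb_conf(text: str) -> Dict[str, Section]:
    """Minimal smb.conf parser: [section] headers and 'key = value' lines.
    Keys are lower-cased with whitespace collapsed, as Samba compares them."""
    sections: Dict[str, Section] = {}
    current: Optional[Section] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":          # whole-line comments only
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
            continue
        if current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip()
    return sections

FALSE_VALUES = {"no", "false", "0"}   # Samba's spellings of a boolean "off"

def exposed_shares(sections: Dict[str, Section]) -> List[str]:
    """Shares on which the vulnerable hash-mangling code is reachable: the global
    'mangling method' is hash (Samba 3 defaults to hash2, which is not affected)
    and the share has not turned off 'mangled names' (default yes)."""
    glob = sections.get("global", {})
    if glob.get("mangling method", "hash2").lower() != "hash":
        return []
    default_mangled = glob.get("mangled names", "yes")
    return [name for name, opts in sections.items() if name != "global"
            and opts.get("mangled names", default_mangled).lower() not in FALSE_VALUES]
```

On the constructed sample the audit flags only [homes]: the hash method is set globally, [public] opted out of 8.3 names, and [homes] inherits the default of generating them.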

Gentoo has released fixes for this issue that may be applied with the following commands:
emerge sync
emerge -pv ">=net-fs/samba-3.0.5"
emerge ">=net-fs/samba-3.0.5"

Gentoo has released an updated errata advisory (GLSA 200407-21:02) to correct the list of affected and non-affected versions. Please see the attached advisory for further information.

RedHat has released advisories FEDORA-2004-284 and FEDORA-2004-285 to address this and other issues in RedHat Fedora Core 1 and 2 respectively. Please see the referenced advisories for further information.

TurboLinux has released advisory TLSA-2004-25 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

The Fedora Legacy project has released advisory FLSA:2102 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.

Sun has released a security bulletin (#57664) to announce that Solaris includes affected versions of the software and that fixes are pending.

The vendor has released an upgrade dealing with this issue.

Sun Solaris 9
Sun Solaris 9_x86
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.3
Samba Samba 3.0.4

- References

About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community in China devoted to SCAP. For more information, see [About this site].

Copyright Notice

CVE/CWE/OVAL are registered trademarks of the MITRE Corporation; their official data sources are maintained on MITRE's websites.