CVE-2004-0815
CVSS 7.5
Published: 2004-11-03 00:00:00
Last revised: 2016-10-17 22:49:14

[Original] The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames.


[CNNVD] Samba Remote Malformed Pathname Directory Traversal Vulnerability (CNNVD-200411-027)

        
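        Samba is a suite of programs that implements the SMB (Server Message Block) protocol to provide cross-platform file and print sharing services.
        Samba has a remote input validation flaw in its handling of user-supplied file pathnames. A remote attacker can exploit it to list, download, and upload any system file that the currently logged-in user is permitted to access.
        Each file pathname passed to the Samba process is converted and checked with the unix_convert() and check_name() functions. unix_convert() first converts the pathname from DOS format to UNIX format and then calls unix_clean_name() for further processing; that function replaces every '//' in the pathname with '/', removes a leading './', and also handles '/../'. check_name() performs the final checks on the converted name and calls reduce_name(), which calls unix_clean_name() a second time. As a result, an attacker can access arbitrary files on the computer by absolute path.
        For example, when the pathname '/./////etc' is passed to unix_clean_name(), it becomes '/.///etc'. unix_convert() trims the leading '/', leaving './//etc'. When this string is passed to unix_clean_name() again, it is finally converted to '/etc', which lets an attacker list, download, and upload any system file that the logged-in user is permitted to access.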
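
The two-pass clean-up described above can be reproduced with a small model, shown next to a generic hardened variant. This is an added example, not Samba's source code and not the vendor's patch: the function names (`collapse_pairs_once`, `model_clean_name`, `model_two_stage`, `normalize_checked`) are hypothetical, the '/../' handling is left out, and the "repeat until stable, then validate" check is an assumed general pattern.

```c
#include <stdio.h>
#include <string.h>

#define MAXP 256  /* arbitrary path limit for this example */

/* One left-to-right pass replacing each "//" with "/" (pairs do not overlap). */
static void collapse_pairs_once(char *s)
{
    char *r = s, *w = s;
    while (*r) {
        if (r[0] == '/' && r[1] == '/') { *w++ = '/'; r += 2; }
        else { *w++ = *r++; }
    }
    *w = '\0';
}

/* Simplified model of the clean-up step: collapse "//", then drop leading "./".
   The "/../" handling mentioned in the description is omitted. */
static void model_clean_name(char *s)
{
    collapse_pairs_once(s);
    while (strncmp(s, "./", 2) == 0)
        memmove(s, s + 2, strlen(s + 2) + 1);
}

/* The flawed sequence: clean, trim the leading slash, clean again.
   Nothing re-checks the result of the second clean-up. */
const char *model_two_stage(const char *req, char *out, size_t n)
{
    if (strlen(req) >= n) return NULL;
    strcpy(out, req);
    model_clean_name(out);
    if (out[0] == '/') memmove(out, out + 1, strlen(out));
    model_clean_name(out);
    return out;
}

/* Returns 1 if any path component is exactly "..". */
static int has_dotdot(const char *p)
{
    while (*p) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.') return 1;
        p += len;
        while (*p == '/') p++;
    }
    return 0;
}

/* Hardened variant: repeat clean-up and slash trimming until the string no
   longer changes, then validate the final form. Returns 0 with a
   share-relative path in out, or -1 if the request is rejected. */
int normalize_checked(const char *req, char *out, size_t n)
{
    char prev[MAXP];
    if (strlen(req) >= n || strlen(req) >= sizeof prev) return -1;
    strcpy(out, req);
    do {
        strcpy(prev, out);
        model_clean_name(out);
        while (out[0] == '/') memmove(out, out + 1, strlen(out));
    } while (strcmp(prev, out) != 0);
    if (out[0] == '/' || has_dotdot(out)) return -1;
    return 0;
}

int main(void)
{
    char a[MAXP], b[MAXP];
    int rc;
    printf("two-stage: %s\n", model_two_stage("/./////etc", a, sizeof a));
    rc = normalize_checked("/./////etc", b, sizeof b);
    printf("checked:   rc=%d path=%s\n", rc, b);
    return 0;
}
```

The first result is an absolute path, which is the condition a server must refuse before joining the name to the share root; the second stays relative to the share.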
        

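- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)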

cpe:/a:samba:samba:2.2.0a  Samba Samba 2.2.0a
cpe:/a:samba:samba:2.2.1a  Samba Samba 2.2.1a
cpe:/a:samba:samba:3.0.2  Samba 3.0.2
cpe:/a:samba:samba:2.2a  Samba Samba 2.2a
cpe:/a:samba:samba:3.0.1  Samba 3.0.1
cpe:/a:samba:samba:3.0.0  Samba 3.0.0
cpe:/a:samba:samba:2.2.3a  Samba Samba 2.2.3a
cpe:/a:samba:samba:3.0  Samba 3.0
cpe:/a:samba:samba:2.2.0  Samba 2.2.0
cpe:/a:samba:samba:2.2.11  Samba 2.2.11
cpe:/a:samba:samba:2.2.3  Samba 2.2.3
cpe:/a:samba:samba:2.2.2  Samba 2.2.2
cpe:/a:samba:samba:3.0.2a  Samba 3.0.2a
cpe:/a:samba:samba:2.2.8a  Samba Samba 2.2.8a
cpe:/a:samba:samba:2.2.9  Samba 2.2.9
cpe:/a:samba:samba:2.2.8  Samba 2.2.8
cpe:/a:samba:samba:2.2.7a  Samba Samba 2.2.7a
cpe:/a:samba:samba:2.2.5  Samba 2.2.5
cpe:/a:samba:samba:2.2.4  Samba 2.2.4
cpe:/a:samba:samba:2.2.7  Samba 2.2.7
cpe:/a:samba:samba:2.2.6  Samba 2.2.6

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0815
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0815
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-027
(official data source) CNNVD

- Other links and resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000873
(VENDOR_ADVISORY)  CONECTIVA  CLA-2004:873
http://marc.info/?l=bugtraq&m=109655827913457&w=2
(UNKNOWN)  BUGTRAQ  20040930 Samba Security Announcement -- Potential Arbitrary File Access
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
(UNKNOWN)  SUNALERT  101584
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
(UNKNOWN)  SUNALERT  57664
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200529-1
(UNKNOWN)  SUNALERT  200529
http://us4.samba.org/samba/news/#security_2.2.12
(UNKNOWN)  CONFIRM  http://us4.samba.org/samba/news/#security_2.2.12
http://www.debian.org/security/2004/dsa-600
(VENDOR_ADVISORY)  DEBIAN  DSA-600
http://www.idefense.com/application/poi/display?id=146&type=vulnerabilities&flashstatus=true
(VENDOR_ADVISORY)  IDEFENSE  20040930 Samba Arbitrary File Access Vulnerability
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:104
(UNKNOWN)  MANDRAKE  MDKSA-2004:104
http://www.novell.com/linux/security/advisories/2004_35_samba.html
(UNKNOWN)  SUSE  SUSE-SA:2004:035
http://www.redhat.com/support/errata/RHSA-2004-498.html
(UNKNOWN)  REDHAT  RHSA-2004:498
http://www.securityfocus.com/archive/1/377618
(UNKNOWN)  BUGTRAQ  20041005 ERRATA: Potential Arbitrary File Access (CAN-2004-0815)
http://www.securityfocus.com/bid/11281
(VENDOR_ADVISORY)  BID  11281
http://www.trustix.org/errata/2004/0051/
(UNKNOWN)  TRUSTIX  2004-0051
http://xforce.iss.net/xforce/xfdb/17556
(UNKNOWN)  XF  samba-file-access(17556)
https://bugzilla.fedora.us/show_bug.cgi?id=2102
(UNKNOWN)  FEDORA  FLSA:2102

- Vulnerability information

Samba Remote Malformed Pathname Directory Traversal Vulnerability
High risk  Input validation
2004-11-03 00:00:00 2010-01-28 00:00:00
Remote

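- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Restrict connections to Samba shares to trusted users only.
        Vendor patch:
        Samba
        -----
        The vendor has released an upgrade and a patch that fix this security issue; download them from the vendor's site:
        Samba 2.2.12 upgrade for Samba 2.2.x:

        http://us4.samba.org/samba/ftp/samba-2.2.12.tar.gz

        Samba 3.0.5 patch:

        http://us4.samba.org/samba/ftp/patches/security/samba-3.0.5-reduce_name.patch

        Samba 3.0.7 is not affected by this vulnerability:

        http://us4.samba.org/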

- Vulnerability information (F34551)

iDEFENSE Security Advisory 2004-09-30.t (PacketStormID:F34551)
2004-10-07 00:00:00
iDefense Labs  idefense.com
advisory,remote
CVE-2004-0815

iDEFENSE Security Advisory 09.30.04 - Remote exploitation of an input validation vulnerability in Samba allows attackers to access files and directories outside of the specified share path.

Samba Arbitrary File Access Vulnerability 

iDEFENSE Security Advisory 09.30.04
www.idefense.com/application/poi/display?id=146&type=vulnerabilities
September 30, 2004

I. BACKGROUND

Samba is an Open Source/Free Software suite that provides seamless file 
and print services to SMB/CIFS clients.

II. DESCRIPTION

Remote exploitation of an input validation vulnerability in Samba allows
attackers to access files and directories outside of the specified share
path.

Each file and directory name passed into Samba is converted and checked
with the functions unix_convert() and check_name(). The main purpose of
the unix_convert() routine is to convert names from the DOS namespace to
Unix namespace. It calls unix_clean_name(), which in turn removes double
slashes, leading './' characters and '..' directory-traversal
characters. check_name() does any final checks necessary to confirm the 
validity of the converted filename and calls reduce_name(), which in
turn calls unix_clean_name() for a second time. The end result allows
for an attacker to specify the realpath of any file on the computer.

Example:
/./////etc is passed to unix_clean_name(). It becomes /.///etc. The
leading slash is then trimmed off to make .///etc. It is then passed to
unix_clean_name() again. The resulting string is /etc, which is an
absolute path on the system.

III. ANALYSIS

Successful exploitation allows remote attackers to bypass the specified
share restrictions to gain read, write and list access to files and
directories under the privileges of the user. In situations where a
public share is available, the attack can be performed by
unauthenticated attackers.

An attacker does not need exploit code to exploit this vulnerability.
The smbclient program can be used to request/write/list files using the
"get", "put" and "dir" commands, respectively.

IV. DETECTION

iDEFENSE has confirmed that Samba versions 3.0.2 and 2.2.9 are 
vulnerable. It is suspected that all versions of Samba are vulnerable.

V. WORKAROUND

Only allow trusted users/hosts to connect to samba shares.

VI. VENDOR RESPONSE

Samba 2.2.12 upgrade for Samba 2.2.x:
http://us4.samba.org/samba/ftp/samba-2.2.12.tar.gz

Samba 3.0.5 patch:
http://us4.samba.org/samba/ftp/patches/security/samba-3.0.5-reduce_name.patch

Samba 3.0.7 is not vulnerable.

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-0815 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

09/22/2004  Initial vendor notification
09/22/2004  iDEFENSE clients notified
09/22/2004  Initial vendor response
09/30/2004  Coordinated public disclosure

IX. CREDIT

Karol Wiesek is credited with this discovery.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright (c) 2004 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically, please
email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be accurate
at the time of publishing based on currently available information. Use
of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or reliance on,
this information.
    

- Vulnerability information

10464
Samba MS-DOS Path Request Arbitrary File Retrieval
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability description

Samba contains a flaw that allows a remote attacker to gain access to files outside of the share path under the privileges of the user. With a specifically crafted request, an attacker could potentially access files outside the share's root. The issue is due to the unix_convert() and check_name() functions not properly sanitizing user input supplied via the GET, PUT and DIR commands. Samba treats the resulting input as an absolute path rather than relative path to the share.

- Timeline

2004-09-30 Unknown
2004-09-30 Unknown

- Solution

Upgrade to version 2.2.12 or higher, as it has been reported to fix this vulnerability. For the 3.x series, Samba Project has released a patch to address this vulnerability. As a workaround, set "wide links = no" in smb.conf.

- Vulnerability information

Samba Remote Arbitrary File Access Vulnerability
Input Validation Error 11281
Yes No
2004-09-30 12:00:00 2009-07-12 07:06:00
Karol Wiesek is credited with this discovery.

- Affected software versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Sun Java Desktop System (JDS) 2.0
Sun Java Desktop System (JDS) 2003
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0 alpha
Samba Samba 3.0
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.3
Samba Samba 2.2.11
Samba Samba 2.2.9
Samba Samba 2.2.8 a
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
Samba Samba 2.2.8
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 7.0
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 4.8
+ FreeBSD FreeBSD 4.8
+ FreeBSD FreeBSD 4.7
+ FreeBSD FreeBSD 4.7
+ FreeBSD FreeBSD 4.6
+ FreeBSD FreeBSD 4.6
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.2
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.2
Samba Samba 2.2.7 a
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 8.0
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 8.1
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
+ Turbolinux Turbolinux Workstation 7.0
Samba Samba 2.2.7
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ Sun Linux 5.0.6
+ Sun Solaris 9_x86
+ Sun Solaris 9_x86
+ Sun Solaris 9
+ Sun Solaris 9
Samba Samba 2.2.6
+ Mandriva Linux Mandrake 9.0
Samba Samba 2.2.5
+ RedHat Linux 8.0
Samba Samba 2.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Apple Mac OS X 10.2
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc3
+ HP CIFS/9000 Server A.01.09.02
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.05
+ HP CIFS/9000 Server A.01.05
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux 8.1
Samba Samba 2.2.4
+ Slackware Linux 8.1
Samba Samba 2.2.3 a
+ Conectiva Linux 8.0
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0
Samba Samba 2.2.3 a
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 8.0
Samba Samba 2.2.3
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X Server 10.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Samba Samba 2.2.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 7.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 6.0
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.08
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.1
+ OpenPKG OpenPKG 1.0
+ OpenPKG OpenPKG 1.0
Samba Samba 2.2.1 a
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.3
+ Sun Linux 5.0
+ Sun LX50
Samba Samba 2.2.1 a
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3 i386
Samba Samba 2.2 a
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
Samba Samba 2.2 .0a
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
+ Slackware Linux 8.0
+ Slackware Linux 8.0
Samba Samba 2.2 .0
- S.u.S.E. Linux 7.2
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
HP MPE/iX 7.5
HP MPE/iX 7.0
HP MPE/iX 6.5
HP HP-UX B.11.23
HP HP-UX B.11.22
HP HP-UX B.11.11
HP HP-UX B.11.00
Conectiva Linux 10.0
Conectiva Linux 9.0
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 2.2.12
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5

- Unaffected software versions

Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 2.2.12
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5

- Vulnerability discussion

Samba is affected by a remote arbitrary file access vulnerability. This issue is due to a failure of the application to properly validate user-supplied file names.

An attacker may leverage this issue to gain access to files outside of a Samba share's path on a vulnerable computer. Information gained in this way may reveal sensitive information aiding in further attacks against the computer.

- Exploit

No exploit is required to leverage this issue.

- Solution

SuSE has released an advisory (SUSE-SA:2004:035) and fixes to address this vulnerability in affected SuSE products. Customers are advised to peruse the referenced advisory for further information pertaining to obtaining and applying appropriate fixes.

Trustix Secure Linux has made advisory TSLSA-2004-0051 along with fixes available for this issue. For more information please see the referenced advisory.

Mandrake Linux has released advisory MDKSA-2004:104 along with fixes addressing this issue. Please see the referenced advisory for further information.

Red Hat has released advisory RHSA-2004:498-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Samba has released an advisory dealing with this issue. An upgrade and a patch have been made available to resolve this issue.

Debian has released an advisory (DSA 600-1) to address this issue. Fixes have been released for various platforms. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA:2102 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information. This advisory has been updated 14 Oct 2004 to correct broken packages.

Conectiva Linux has released advisory CLA-2004:873 along with fixes to address this issue. Please see the referenced advisory for further information.

HP has released an advisory (HPSBUX01086) to address this issue. Users are advised to upgrade to HP-UX CIFS (Samba) version A.01.11.03. Please see the referenced advisory for more information.

HP has released advisory HPSBMP01089-SSRT4838 dealing with this issue for their MPE/iX product. Please see the referenced advisory for more information.

Sun has released alert ID 57694 to address this issue for Java Desktop operating systems. Please see the referenced advisory for further information on obtaining fixes.


Samba Samba 2.2 .0

Samba Samba 2.2 .0a

Samba Samba 2.2 a

Samba Samba 2.2.1 a

Samba Samba 2.2.11

Samba Samba 2.2.2

Samba Samba 2.2.3

Samba Samba 2.2.3 a

Samba Samba 2.2.4

Samba Samba 2.2.5

Samba Samba 2.2.5

Samba Samba 2.2.6

Samba Samba 2.2.7 a

Samba Samba 2.2.7

Samba Samba 2.2.8

Samba Samba 2.2.8 a

Samba Samba 2.2.9

Samba Samba 3.0

Samba Samba 3.0 alpha

Samba Samba 3.0.1

Samba Samba 3.0.2 a

Samba Samba 3.0.2

Samba Samba 3.0.3

Samba Samba 3.0.4 -r1

Samba Samba 3.0.4

Samba Samba 3.0.5
