CVE-2004-0882
CVSS10.0
发布时间 :2005-01-27 00:00:00
修订时间 :2016-10-17 22:49:38
NMCOPS    

[原文]Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.


[CNNVD]Samba QFILEPATHINFO 缓冲区溢出漏洞(CNNVD-200501-295)

        Samba是一款开源的SMB(Server Messages Block)协议实现软件,提供绝大多数Windows系统的SMB文件及打印共享服务。
        Samba 3.0.x至3.0.7版本中的QFIKEPATHINFO处理存在缓冲区溢出漏洞。
        远程攻击者可利用此漏洞,通过包含一个很小"maximum data bytes"值的TRANSACT2_QFILEPATHINFO请求,执行任意代码。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:conectiva:linux:10.0Conectiva Linux 10.0
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:fedora_core:core_2.0
cpe:/a:samba:samba:3.0Samba 3.0
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/a:samba:samba:3.0.4Samba 3.0.4
cpe:/a:samba:samba:3.0.3Samba 3.0.3
cpe:/a:samba:samba:3.0.2Samba 3.0.2
cpe:/a:samba:samba:3.0.1Samba 3.0.1
cpe:/a:samba:samba:3.0.0Samba 3.0.0
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/a:samba:samba:3.0.7Samba 3.0.7
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/a:samba:samba:3.0.6Samba 3.0.6
cpe:/a:samba:samba:3.0.5Samba 3.0.5
cpe:/a:samba:samba:3.0.4:rc1Samba 3.0.4 release candidate 1
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/a:samba:samba:3.0.2aSamba 3.0.2a
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9969Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0882
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0882
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-295
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
(UNKNOWN)  SCO  SCOSA-2005.17
ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P
(UNKNOWN)  SGI  20041201-01-P
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000899
(UNKNOWN)  CONECTIVA  CLA-2004:899
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-03-21
http://marc.info/?l=bugtraq&m=110054671403755&w=2
(UNKNOWN)  BUGTRAQ  20041115 Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow
http://marc.info/?l=bugtraq&m=110055646329581&w=2
(UNKNOWN)  BUGTRAQ  20041115 [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd
http://marc.info/?l=bugtraq&m=110330519803655&w=2
(UNKNOWN)  BUGTRAQ  20041217 [OpenPKG-SA-2004.054] OpenPKG Security Advisory (samba)
http://security.e-matters.de/advisories/132004.html
(UNKNOWN)  MISC  http://security.e-matters.de/advisories/132004.html
http://securitytracker.com/id?1012235
(UNKNOWN)  SECTRACK  1012235
http://www.ciac.org/ciac/bulletins/p-038.shtml
(UNKNOWN)  CIAC  P-038
http://www.kb.cert.org/vuls/id/457622
(UNKNOWN)  CERT-VN  VU#457622
http://www.novell.com/linux/security/advisories/2004_40_samba.html
(UNKNOWN)  SUSE  SUSE-SA:2004:040
http://www.trustix.net/errata/2004/0058/
(VENDOR_ADVISORY)  TRUSTIX  2004-0058
http://xforce.iss.net/xforce/xfdb/18070
(VENDOR_ADVISORY)  XF  samba-qfilepathinfo-bo(18070)

- 漏洞信息

Samba QFILEPATHINFO 缓冲区溢出漏洞
危急 缓冲区溢出
2005-01-27 00:00:00 2005-10-20 00:00:00
远程  
        Samba是一款开源的SMB(Server Messages Block)协议实现软件,提供绝大多数Windows系统的SMB文件及打印共享服务。
        Samba 3.0.x至3.0.7版本中的QFIKEPATHINFO处理存在缓冲区溢出漏洞。
        远程攻击者可利用此漏洞,通过包含一个很小"maximum data bytes"值的TRANSACT2_QFILEPATHINFO请求,执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.samba.org/samba/download/

- 漏洞信息 (F35080)

Trustix Secure Linux Security Advisory 2004.58 (PacketStormID:F35080)
2004-11-20 00:00:00
 
advisory
linux
CVE-2004-0941,CVE-2004-0990,CVE-2004-0882,CVE-2004-0930
[点击下载]

Trustix Secure Linux Security Advisory #2004-0058 - Various security fixes have been released for gd, samba, sqlgrey, and sudo.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0058

Package name:      gd samba sqlgrey sudo
Summary:           Various security fixes
Date:              2004-11-15
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  gd:
  gd is a graphics library. It allows your code to quickly draw images
  complete with lines, arcs, text, multiple colors, cut and paste from
  other images, and flood fills, and write out the result as a PNG or
  JPEG file. This is particularly useful in World Wide Web applications,
  where PNG and JPEG are two of the formats accepted for inline images
  by most browsers.

  samba:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines

  sqlgrey:
  SQLgrey is a Postfix grey-listing policy service with auto-white-listing
  written in Perl with SQL database as storage backend.

  sudo:
  Sudo (superuser do) allows a system administrator to give certain
  users (or groups of users) the ability to run some (or all) commands
  as root while logging all commands and arguments. Sudo operates on a
  per-command basis.  It is not a replacement for the shell.  Features
  include: the ability to restrict what commands a user may run on a
  per-host basis, copious logging of each command (providing a clear
  audit trail of who did what), a configurable timeout of the sudo
  command, and the ability to use the same configuration file (sudoers)
  on many different machines.


Problem description:

  gd:
  There has been found serveral overflows in gd.  This can be used to
  execute arbitary code in programs using the gd library.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0941 and CAN-2004-0990 to these issues.


  sqlgrey:
  Matt Linzbach made us aware that the maintainers of SQLgrey have issued
  a new release that fixes an SQL injection bug.


  samba:
  From the Samba advisory:
  Invalid bounds checking in reply to certain trans2 requests 
  could result in a buffer overrun in smbd.  In order to exploit 
  this defect, the attacker must be able to create files with very 
  specific Unicode filenames on the Samba share. 

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0882 to this issue.

  From the Samba advisory:
  A bug in the input validation routines used to match
  filename strings containing wildcard characters may allow
  a user to consume more than normal amounts of CPU cycles
  thus impacting the performance and response of the server.
  In some circumstances the server can become entirely
  unresponsive.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0930 to this issue.


  sudo:
  Bash exported functions and the CDPATH variable are now stripped from 
  the environment passed to the program to be executed. 




Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.5/>,
  <URI:http://www.trustix.org/errata/trustix-2.0/>,
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0058/>


MD5sums of the packages:
- --------------------------------------------------------------------------
a470211caddc2fd447fcfd2c3a009e64  2.2/rpms/gd-2.0.33-3tr.i586.rpm
dbfd11b288d2cedc745eef11b5694caf  2.2/rpms/gd-devel-2.0.33-3tr.i586.rpm
f8382d132037ead78313d0619b2b6c7a  2.2/rpms/gd-utils-2.0.33-3tr.i586.rpm
52c5bcbdd1343ae17a190f4c97044064  2.2/rpms/samba-3.0.7-2tr.i586.rpm
56c45ba7dc304ba6383e28af8894f4f9  2.2/rpms/samba-client-3.0.7-2tr.i586.rpm
cc8b41a2b9186231f5e4561fe2b2771c  2.2/rpms/samba-common-3.0.7-2tr.i586.rpm
8a31afe741dc235de66cd69eaad83c4a  2.2/rpms/samba-mysql-3.0.7-2tr.i586.rpm
106f17d50d8a6840f6256966d05ad5c8  2.2/rpms/sudo-1.6.8p2-1tr.i586.rpm

bf216f045129eb4b38349fb39ca5eb83  2.1/rpms/samba-3.0.7-2tr.i586.rpm
c76fee25117140451d492715a8183417  2.1/rpms/samba-client-3.0.7-2tr.i586.rpm
60bbf8e8e173673440198c1217000c84  2.1/rpms/samba-common-3.0.7-2tr.i586.rpm
0e7e7694e62530ae9d07bd1b9b165cce  2.1/rpms/samba-mysql-3.0.7-2tr.i586.rpm
51091585680beb1ba093a5c223bfb3bc  2.1/rpms/sudo-1.6.8p2-0.2tr.i586.rpm

4b9b2bc6692618d7d0b55a991c274b74  2.0/rpms/sudo-1.6.8p2-0.1tr.i586.rpm
ddbeb2e29e279ffab2d5bb1b4f439d04  1.5/rpms/sudo-1.6.8p2-0.1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQFBmgzJi8CEzsK9IksRAreXAKCi442/YAm+c9wfhLQmooBuc9Lh0gCeKBC4
TA+rggg0v42NFDY0o+rrlY8=
=omlt
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F35066)

132004.txt (PacketStormID:F35066)
2004-11-20 00:00:00
Stefan Esser  security.e-matters.de
advisory,remote,overflow,code execution
CVE-2004-0882
[点击下载]

Samba versions 3 through 3.0.7 suffer from a buffer overflow inside the QFILEPATHINFO request handler. This vulnerability allows for remote code execution.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                           e-matters GmbH
                          www.e-matters.de

                      -= Security  Advisory =-



     Advisory: Samba 3.x QFILEPATHINFO unicode filename buffer overflow
 Release Date: 2004/11/15
Last Modified: 2004/11/15
       Author: Stefan Esser [s.esser@e-matters.de]

  Application: Samba 3 <= 3.0.7
     Severity: A buffer overflow inside the QFILEPATHINFO request 
               handler allows remote code execution
         Risk: Critical
Vendor Status: Vendor has released a bugfixed version.
    Reference: http://security.e-matters.de/advisories/132004.html


Overview:

   Samba is an Open Source/Free Software suite that provides seamless 
   file and print services to SMB/CIFS clients. Samba is freely 
   available under the GNU General Public License.
   
   During an audit of the Samba 3.x codebase a unicode filename buffer
   overflow within the handling of TRANSACT2_QFILEPATHINFO replies
   was discovered that allows remote execution of arbitrary code.
   
   Exploiting this vulnerability is possible through every Samba user
   if a special crafted pathname exists. If such a path does not exist
   the attacker needs write access to one of the network shares.
   

Details:
   
   The SMB specification allows clients to specify a maximum amount
   of data bytes that the server is allowed to return in a single 
   reply. 

   When Samba 3.x receives a TRANSACT2_QFILEPATHINFO request with
   this field set to f.e. zero this can lead to an overflow of a
   unicode filename when constructing the reply.
   
   This is caused by the fact that Samba <= 3.0.7 reads this field,
   allocates 1024 bytes more than wanted and then writes the reply
   into this buffer without any kind of size check. While this
   behaviour was sufficient enough to protect against overflows in
   Samba 2.x the correction of the replies for the info_levels
   SMB_QUERY_FILE_NAME_INFO and SMB_QUERY_FILE_ALL_INFO to unicode
   full pathname strings allows overflowing the reserved buffer
   size.
   
   By using unicode chars within filenames this allows to overwrite
   malloc()/free() control structures and therefore allows remote
   code execution.
  

Proof of Concept:

   e-matters is not going to release an exploit for this vulnerability
   to the public.
   

Disclosure Timeline:

   24. September 2004 - Made initial contact with the Samba Team
   25. September 2004 - Samba Team has fixed the bug in CVS
   26. September 2004 - Disclosure was delayed on our side because 
                        of another issue that was suppossed to get
			disclosed at the same time
   08. November  2004 - Samba Team released 3.0.8 without noticing
                        us because they were wrongly convinced
			that the bug is not exploitable
   15. November  2004 - Public Disclosure

   
CVE Information:

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the name CAN-2004-0882 to this issue.


Recommendation:

   Unlike several other Samba vulnerabilities within the last months
   this vulnerability affects default installations of Samba 3.x and
   therefore any user of Samba 3 <= 3.0.7 should upgrade as soon as
   possible.
   
   
GPG-Key:

   http://security.e-matters.de/gpg_key.asc
    
   pub  1024D/3004C4BC 2004-05-17 e-matters GmbH - Securityteam 
   Key fingerprint = 3FFB 7C86 7BE8 6981 D1DA  A71A 6F7D 572D 3004 C4BC


Copyright 2004 Stefan Esser. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBlTi8RDkUzAqGSqERAgipAKDLBKcBSdSPXRg94sBwgbuxgKph4QCfU6mu
KHJN/8BSRM2Z7N8GqdfEXfk=
=X6Vs
-----END PGP SIGNATURE-----



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
    

- 漏洞信息

11782
Samba QFILEPATHINFO Unicode Filename Request Handler Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-11-15 2004-09-24
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Samba QFILEPATHINFO Unicode Filename Remote Buffer Overflow Vulnerability
Boundary Condition Error 11678
Yes No
2004-11-15 12:00:00 2009-07-12 08:06:00
Discovery is credited to Stefan Esser <s.esser@ematters.de> and e-matters.

- 受影响的程序版本

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SCO Unixware 7.1.4
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0 alpha
Samba Samba 3.0
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X 10.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
+ Apple Mac OS X Server 10.3
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Conectiva Linux 10.0
Samba Samba 3.0.8

- 不受影响的程序版本

Samba Samba 3.0.8

- 漏洞讨论

Samba is reported prone to a remote buffer overflow vulnerability. This issue presents itself because the application does not perform proper boundary checks before copying user-supplied data into finite sized process buffers. This issue can allow an attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access.

This vulnerability is reported to affect Samba versions 3.0.0 to 3.0.7.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Samba version 3.0.8 has been released to address this issue. A patch is available from the vendor to address this issue in Samba 3.0.7 as well.

SuSE Linux has released advisory SUSE-SA:2004:040 along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

Trustix Linux has released an advisory (TSLSA-2004-0058) along with fixes dealing with this and other issues. Please see the referenced advisory for more information.

RedHat has released advisory RHSA-2004:632-17 along with fixes addressing this issue in RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information on obtaining the fixes.

Mandrake has released advisory MDKSA-2004:136 to address this issue. Please see the attached advisory for further information on obtaining and applying upgrades.

Conectiva Linux has released advisory CLA-2004:899 along with fixes addressing this issue. Please see the referenced advisory for further information.

RedHat has released advisories FEDORA-2004-459, and FEDORA-2004-460 to address this issue in Fedora Core 2 and 3 respectively. Please see the referenced advisories for further information.

Turbolinux has released advisory TLSA-2004-32 along with fixes dealing with this and another issues. Please see the referenced advisory for more information.

OpenPKG has released advisory OpenPKG-SA-2004.054 along with fixes resolving this issue. Please see the referenced OpenPKG advisory for more information.

SCO has released advisory SCOSA-2005.17 to address this, and other issues in SCO UnixWare 7.1.4. Please see the referenced advisory for further information.


Samba Samba 3.0 alpha

Samba Samba 3.0

Samba Samba 3.0.1

Samba Samba 3.0.2 a

Samba Samba 3.0.2

Samba Samba 3.0.3

Samba Samba 3.0.4 -r1

Samba Samba 3.0.4

Samba Samba 3.0.5

Samba Samba 3.0.6

Samba Samba 3.0.7

SCO Unixware 7.1.4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站