CVE-2004-1154
CVSS 10.0
Published: 2005-01-10 00:00:00
Revised: 2010-08-21 00:21:56

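[Original] Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.


[CNNVD] Samba smbd integer overflow vulnerability (CNNVD-200501-111)

        Samba is an open-source, cross-platform suite that implements the SMB (Server Message Block) protocol to provide file and print sharing services.
        The smbd daemon in Samba 2.x and 3.0.x through 3.0.9 contains an integer overflow vulnerability.
        A remote attacker can trigger the overflow by using an oversized security descriptor, causing the program to crash or executing arbitrary code.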

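- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)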

cpe:/a:samba:samba:3.0.1  Samba 3.0.1
cpe:/a:samba:samba:2.2.3a  Samba Samba 2.2.3a
cpe:/o:trustix:secure_linux:2.2  Trustix Secure Linux 2.2
cpe:/a:samba:samba:3.0.6  Samba 3.0.6
cpe:/a:samba:samba:2.2.8a  Samba Samba 2.2.8a
cpe:/a:samba:samba:2.2.3  Samba 2.2.3
cpe:/a:samba:samba:2.2.6  Samba 2.2.6
cpe:/a:samba:samba:2.2.7a  Samba Samba 2.2.7a
cpe:/a:samba:samba:3.0.5  Samba 3.0.5
cpe:/a:samba:samba:2.2.9  Samba 2.2.9
cpe:/o:suse:suse_linux:9.0::enterprise_server
cpe:/o:suse:suse_linux:8.1  SuSE SuSE Linux 8.1
cpe:/a:samba:samba:2.0.7  Samba 2.0.7
cpe:/a:samba:samba:2.0.8  Samba 2.0.8
cpe:/a:samba:samba:2.2.0a  Samba Samba 2.2.0a
cpe:/o:suse:suse_linux:9.2  SuSE SuSE Linux 9.2
cpe:/a:samba:samba:2.0.1  Samba 2.0.1
cpe:/o:redhat:fedora_core:core_3.0
cpe:/a:samba:samba:2.2.12  Samba 2.2.12
cpe:/a:samba:samba:3.0.7  Samba 3.0.7
cpe:/a:samba:samba:3.0  Samba 3.0
cpe:/a:samba:samba:2.2.5  Samba 2.2.5
cpe:/a:samba:samba:3.0.8  Samba 3.0.8
cpe:/o:suse:suse_linux:9.1  SuSE SuSE Linux 9.1
cpe:/a:samba:samba:2.2.1a  Samba Samba 2.2.1a
cpe:/a:samba:samba:3.0.4  Samba 3.0.4
cpe:/a:samba:samba:3.0.0  Samba 3.0.0
cpe:/a:samba:samba:2.2.7  Samba 2.2.7
cpe:/o:suse:suse_linux:1.0::desktop
cpe:/a:samba:samba:3.0.9  Samba 3.0.9
cpe:/a:samba:samba:2.2.0  Samba 2.2.0
cpe:/a:samba:samba:2.2.4  Samba 2.2.4
cpe:/a:samba:samba:3.0.2  Samba 3.0.2
cpe:/a:samba:samba:3.0.2a  Samba 3.0.2a
cpe:/a:samba:samba:2.2a  Samba Samba 2.2a
cpe:/o:trustix:secure_linux:2.0  Trustix Secure Linux 2.0
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:trustix:secure_linux:2.1  Trustix Secure Linux 2.1
cpe:/a:samba:samba:2.2.8  Samba 2.2.8
cpe:/a:samba:samba:2.0.6  Samba 2.0.6
cpe:/a:samba:samba:2.0.3  Samba 2.0.3
cpe:/a:samba:samba:2.0.2  Samba 2.0.2
cpe:/o:suse:suse_linux:9.0  SuSE SuSE Linux 9.0
cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:suse:suse_linux:8.2  SuSE SuSE Linux 8.2
cpe:/a:samba:samba:2.2.2  Samba 2.2.2
cpe:/a:samba:samba:3.0.3  Samba 3.0.3
cpe:/a:samba:samba:2.0.5  Samba 2.0.5
cpe:/a:samba:samba:2.0.4  Samba 2.0.4
cpe:/a:samba:samba:2.0.10  Samba 2.0.10
cpe:/a:samba:samba:2.0.0  Samba 2.0.0
cpe:/a:samba:samba:2.0.9  Samba 2.0.9
cpe:/a:samba:samba:3.0.4:rc1  Samba 3.0.4 release candidate 1
cpe:/a:samba:samba:2.2.11  Samba 2.2.11

- OVAL (technical details for detection)

oval:org.mitre.oval:def:642  HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.02)
oval:org.mitre.oval:def:1459  HP-Samba DACL Remote Integer Overflow Vulnerability (CIFS A.01)
oval:org.mitre.oval:def:10236  Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of serv...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1154
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1154
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-111
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/226184
(VENDOR_ADVISORY)  CERT-VN  VU#226184
http://xforce.iss.net/xforce/xfdb/18519
(VENDOR_ADVISORY)  XF  samba-msrpc-heap-corruption(18519)
http://www.samba.org/samba/security/CAN-2004-1154.html
(UNKNOWN)  CONFIRM  http://www.samba.org/samba/security/CAN-2004-1154.html
http://www.redhat.com/support/errata/RHSA-2005-020.html
(UNKNOWN)  REDHAT  RHSA-2005:020
http://www.novell.com/linux/security/advisories/2004_45_samba.html
(UNKNOWN)  SUSE  SUSE-SA:2004:045
http://www.debian.org/security/2005/dsa-701
(UNKNOWN)  DEBIAN  DSA-701
http://secunia.com/advisories/13453/
(UNKNOWN)  SECUNIA  13453
http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
(UNKNOWN)  APPLE  APPLE-SA-2005-03-21
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.17/SCOSA-2005.17.txt
(UNKNOWN)  SCO  SCOSA-2005.17
http://www.securityfocus.com/bid/11973
(UNKNOWN)  BID  11973
http://www.idefense.com/application/poi/display?id=165&type=vulnerabilities
(UNKNOWN)  IDEFENSE  20041216 Samba smbd Security Descriptor Integer Overflow Vulnerability
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57730-1
(UNKNOWN)  SUNALERT  57730
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101643-1
(UNKNOWN)  SUNALERT  101643

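- Vulnerability information

Samba smbd integer overflow vulnerability
Critical  Buffer overflow
2005-01-10 00:00:00 2005-10-20 00:00:00
Remote
        Samba is an open-source, cross-platform suite that implements the SMB (Server Message Block) protocol to provide file and print sharing services.
        The smbd daemon in Samba 2.x and 3.0.x through 3.0.9 contains an integer overflow vulnerability.
        A remote attacker can trigger the overflow by using an oversized security descriptor, causing the program to crash or executing arbitrary code.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.samba.org/samba/download/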

- Vulnerability information (F35375)

iDEFENSE Security Advisory 2004-12-16.t (PacketStormID:F35375)
2004-12-30 00:00:00
iDefense Labs,Greg MacManus  idefense.com
advisory,remote,overflow,arbitrary,root
CVE-2004-1154

iDEFENSE Security Advisory 12.16.2004 - Remote exploitation of an integer overflow vulnerability in all versions of Samba's smbd prior to and including 3.0.8 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

Samba smbd Security Descriptor Integer Overflow Vulnerability

iDEFENSE Security Advisory 12.16.04
http://www.idefense.com/application/poi/display?id=165
December 16, 2004

I. BACKGROUND

Samba is an open source implementation of the SMB/CIFS protocol which
allows Windows clients to use resources on non-Windows systems. More
information is available at http://www.samba.org/

II. DESCRIPTION

Remote exploitation of an integer overflow vulnerability in all
versions of Samba's smbd prior to and including 3.0.8 could allow an
attacker to cause controllable heap corruption, leading to execution
of arbitrary commands with root privileges.

To open a file on a Samba server, a client sends a sequence of SMB
messages to the smbd process. The message with the information on the
file to open also contains a security descriptor, which is a list of
access controls to apply to the file. The vulnerability specifically
occurs in the allocation of memory to store these descriptors.

   /*
    * Even if the num_aces is zero, allocate memory as there's a difference
    * between a non-present DACL (allow all access) and a DACL with no ACE's
    * (allow no access).
    */
   if((psa->ace = (SEC_ACE *)prs_alloc_mem(ps,sizeof(psa->ace[0]) * (psa->num_aces+1))) == NULL)
          return False;

When more than 38347922 descriptors are requested, an integer
overflow occurs resulting in less memory being allocated than was
requested. sizeof(psa->ace[0]) is 112, or 0x70 in hex.
0x70 x (38347922 + 1) = 4294967376, or 0x100000050. This number is larger
than can be stored in a 32-bit integer, so the bits that don't fit
are removed, leaving 0x50, or 80 in decimal. As one descriptor is 112
bytes, an overflow of at least 32 bytes will occur.

An attacker could supply data to the server which would cause the
heap to become corrupted in such a way as to cause arbitrary values
to be written to arbitrary locations, eventually leading to code
execution.

III. ANALYSIS

Successful remote exploitation allows an attacker to gain root
privileges on a vulnerable system. In order to exploit this
vulnerability an attacker would need to have credentials allowing
them access to a share. Unsuccessful exploitation attempts will
cause the process serving the request to crash with signal 11, and
may leave evidence of an attack in logs.

IV. DETECTION

iDEFENSE Labs have confirmed that Samba 3.0.8 and 2.2.9 are
vulnerable.  Checks made against earlier versions of the source code
suggest that all versions from at least 2.0.0 are also vulnerable to
some minor variation of this vulnerability.

V. WORKAROUND

Employ firewalls, access control lists or other TCP/UDP restriction
mechanisms to limit access to systems and services.

VI. VENDOR RESPONSE

Patches for this issue are available at:

http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch
http://www.samba.org/samba/ftp/patches/security/samba-3.0.9-CAN-2004-1154.patch.asc

VII. CVE INFORMATION

The Common Vulnerabilities and Exposures (CVE) project has assigned the
names CAN-2004-1154 to these issues. This is a candidate for inclusion
in the CVE list (http://cve.mitre.org), which standardizes names for
security problems.

VIII. DISCLOSURE TIMELINE

12/02/2004  Initial vendor notification
12/02/2004  Initial vendor response
12/16/2004  Coordinated public disclosure

IX. CREDIT

This vulnerability was discovered by Greg MacManus, iDEFENSE Labs.

Get paid for vulnerability research
http://www.idefense.com/poi/teams/vcp.jsp

X. LEGAL NOTICES

Copyright (c) 2004 iDEFENSE, Inc.

Permission is granted for the redistribution of this alert
electronically. It may not be edited in any way without the express
written consent of iDEFENSE. If you wish to reprint the whole or any
part of this alert in any other medium other than electronically,
please email customerservice@idefense.com for permission.

Disclaimer: The information in the advisory is believed to be
accurate at the time of publishing based on currently available
information. Use of the information constitutes acceptance for use in
an AS IS condition. There are no warranties with regard to this
information. Neither the author nor the publisher accepts any
liability for any direct, indirect, or consequential loss or damage
arising from use of, or reliance on, this information.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
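
The wraparound described in section II of the iDEFENSE advisory above, worked through in C together with one way to guard the allocation. This is an added example, not code from iDEFENSE or Samba and not the vendor patch; `checked_alloc_size`, `alloc_aces`, `bytes_remaining` and `min_wire_ace` are hypothetical names, and the 16-byte per-ACE lower bound used in `main` is an assumed value.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* sizeof(psa->ace[0]) as given in the advisory: 112 bytes (0x70). */
#define ACE_SIZE 112u

/* The advisory's size expression, evaluated in 32-bit unsigned arithmetic.
 * The product wraps modulo 2^32 instead of failing. */
uint32_t unchecked_alloc_size(uint32_t num_aces)
{
    return (uint32_t)(ACE_SIZE * (num_aces + 1u));
}

/* Same computation with both wrap points tested before multiplying.
 * Returns 0 and stores the size in *out, or -1 if it cannot be represented. */
int checked_alloc_size(uint32_t num_aces, uint32_t *out)
{
    uint32_t count;

    if (num_aces == UINT32_MAX)          /* num_aces + 1 would wrap to 0 */
        return -1;
    count = num_aces + 1u;
    if (count > UINT32_MAX / ACE_SIZE)   /* ACE_SIZE * count would wrap */
        return -1;
    *out = ACE_SIZE * count;
    return 0;
}

/* Hypothetical allocator for the ACE array (not Samba's prs_alloc_mem).
 * bytes_remaining: unparsed bytes left in the request.
 * min_wire_ace:    assumed smallest encoding of one ACE on the wire.
 * A count that cannot fit in the rest of the request is rejected before
 * any size arithmetic is done. Returns NULL on rejection. */
void *alloc_aces(uint32_t num_aces, size_t bytes_remaining, size_t min_wire_ace)
{
    uint32_t size;

    if (min_wire_ace == 0 || num_aces > bytes_remaining / min_wire_ace)
        return NULL;
    if (checked_alloc_size(num_aces, &size) != 0)
        return NULL;
    /* One extra element is still allocated when num_aces is zero, which
     * keeps the empty-DACL case from the quoted comment distinguishable. */
    return calloc(1, size);
}

int main(void)
{
    uint32_t n = 38347922u;              /* count taken from the advisory */
    uint32_t size = 0;
    void *p;

    printf("unchecked size for %u ACEs: %u bytes\n",
           (unsigned)n, (unsigned)unchecked_alloc_size(n));
    printf("one ACE is %u bytes, so the first write runs %u bytes past it\n",
           ACE_SIZE, (unsigned)(ACE_SIZE - unchecked_alloc_size(n)));

    printf("checked size for %u ACEs: %s\n", (unsigned)n,
           checked_alloc_size(n, &size) == 0 ? "accepted" : "rejected");

    /* Constructed inputs: a 4096-byte request, 16 bytes assumed per ACE. */
    p = alloc_aces(3, 4096, 16);
    printf("3 ACEs in a 4096-byte request: %s\n", p ? "allocated" : "rejected");
    free(p);
    p = alloc_aces(n, 4096, 16);
    printf("%u ACEs in a 4096-byte request: %s\n",
           (unsigned)n, p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```
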
    

- Vulnerability information (F35374)

sambaRemote.txt (PacketStormID:F35374)
2004-12-30 00:00:00
 
advisory,remote,overflow,arbitrary,root
CVE-2004-1154

Remote exploitation of an integer overflow vulnerability in the smbd daemon included in Samba 2.0.x, Samba 2.2.x, and Samba 3.0.x prior to and including 3.0.9 could allow an attacker to cause controllable heap corruption, leading to execution of arbitrary commands with root privileges.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

==========================================================
==
== Subject:	Possible remote code execution
== CVE ID#: 	CAN-2004-1154
==
== Versions:	Samba 2.x & 3.0.x <= 3.0.9
==
== Summary: 	A potential integer overflow when
==		unmarshalling specific MS-RPC requests
==		from clients could lead to heap
==		corruption and remote code execution.
==
==========================================================


===========
Description
===========

Remote exploitation of an integer overflow vulnerability
in the smbd daemon included in Samba 2.0.x, Samba 2.2.x,
and Samba 3.0.x prior to and including 3.0.9 could
allow an attacker to cause controllable heap corruption,
leading to execution of arbitrary commands with root
privileges.

Successful remote exploitation allows an attacker to
gain root privileges on a vulnerable system. In order
to exploit this vulnerability an attacker must possess
credentials that allow access to a share on the Samba server.
Unsuccessful exploitation attempts will cause the process
serving the request to crash with signal 11, and may leave
evidence of an attack in logs.


==================
Patch Availability
==================

A patch for Samba 3.0.9 (samba-3.0.9-CAN-2004-1154.patch)
can be downloaded from

	http://www.samba.org/samba/ftp/patches/security/

The patch has been signed with the "Samba Distribution
Verification Key" (ID F17F9772).


=============================
Protecting Unpatched Servers
=============================

The Samba Team always encourages users to run the latest
stable release as a defense against attacks.  However,
under certain circumstances it may not be possible to
immediately upgrade important installations.  In such
cases, administrators should read the "Server Security"
documentation found at

http://www.samba.org/samba/docs/server_security.html.


=======
Credits
=======

This security issue was reported to Samba developers by
iDEFENSE Labs.  The vulnerability was discovered by Greg
MacManus, iDEFENSE Labs.


==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBwXzZIR7qMdg1EfYRAqv1AJ9FqoFnBPnjNMGVjlsjO47yAk/UYACg9KMa
L+VEkr69J9oGg48m771bC7U=
=gtGA
-----END PGP SIGNATURE-----

    

- Vulnerability information

12422
Samba smbd Security Descriptor Parsing Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

- Timeline

2004-12-16 Unknown
Unknown 2005-02-11

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Samba has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Samba Directory Access Control List Remote Integer Overflow Vulnerability
Boundary Condition Error 11973
Yes No
2004-12-16 12:00:00 2006-10-19 01:14:00
Greg MacManus is credited with the discovery of this issue.

- Affected software versions

Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
Sun Solaris 9_x86
Sun Solaris 9
SGI ProPack 3.0
SCO Unixware 7.1.4
Samba Samba 3.0.9
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 9.1
Samba Samba 3.0.8
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0 alpha
Samba Samba 3.0
+ Apple Mac OS X 10.3.2
+ Apple Mac OS X 10.3.1
+ Apple Mac OS X 10.3
+ Apple Mac OS X Server 10.3.2
+ Apple Mac OS X Server 10.3.1
+ Apple Mac OS X Server 10.3
Samba Samba 2.2.12
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
Samba Samba 2.2.11
Samba Samba 2.2.9
Samba Samba 2.2.8 a
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
Samba Samba 2.2.8
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 4.8
+ FreeBSD FreeBSD 4.7
+ FreeBSD FreeBSD 4.6
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
Samba Samba 2.2.7 a
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 9.0 i386
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 8.1
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Samba Samba 2.2.7
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ Sun Linux 5.0.6
+ Sun Solaris 9_x86
+ Sun Solaris 9
Samba Samba 2.2.6
+ Mandriva Linux Mandrake 9.0
Samba Samba 2.2.5
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X 10.2.3
+ Apple Mac OS X 10.2.2
+ Apple Mac OS X 10.2.1
+ Apple Mac OS X 10.2
+ Gentoo Linux 1.4 _rc3
+ HP CIFS/9000 Server A.01.09.02
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.05
+ OpenPKG OpenPKG 1.1
+ RedHat Linux 8.0 i686
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ S.u.S.E. Linux 8.1
Samba Samba 2.2.5
+ RedHat Linux 8.0
Samba Samba 2.2.4
+ Slackware Linux 8.1
Samba Samba 2.2.3 a
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ S.u.S.E. Linux 8.0
Samba Samba 2.2.3 a
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Samba Samba 2.2.3
+ Apple Mac OS X 10.2.4
+ Apple Mac OS X Server 10.2.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
Samba Samba 2.2.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ OpenPKG OpenPKG 1.0
Samba Samba 2.2.1 a
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ Sun Linux 5.0
+ Sun LX50
Samba Samba 2.2.1 a
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
Samba Samba 2.2 a
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
Samba Samba 2.2 .0a
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ Slackware Linux 8.0
Samba Samba 2.2 .0
- S.u.S.E. Linux 7.2
Samba Samba 2.0.10
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ Veritas Software ServPoint NAS 3.5
+ Veritas Software ServPoint NAS 1.2.2
+ Veritas Software ServPoint NAS 1.2.1
+ Veritas Software ServPoint NAS 1.2
+ Veritas Software ServPoint NAS 1.1
+ Wirex Immunix OS 7+
Samba Samba 2.0.9
- Apple Mac OS X 10.0.4
- Apple Mac OS X Server 10.0
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 6.0
- Debian Linux 2.2
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4 ppc
- S.u.S.E. Linux 6.4 alpha
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3 alpha
- S.u.S.E. Linux 6.3
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Trustix Secure Linux 1.2
- Trustix Secure Linux 1.1
- Wirex Immunix OS 7.0 -Beta
- Wirex Immunix OS 7.0
- Wirex Immunix OS 6.2
Samba Samba 2.0.8
- Caldera OpenLinux 2.4
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Conectiva Linux 4.0 es
- Conectiva Linux 4.0
- Conectiva Linux graficas
- Conectiva Linux ecommerce
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Wirex Immunix OS 7.0 -Beta
- Wirex Immunix OS 7.0
- Wirex Immunix OS 6.2
Samba Samba 2.0.7
+ Caldera OpenLinux 2.3
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
+ Conectiva Linux 4.0 es
+ Conectiva Linux 4.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.3 sparc
+ Debian Linux 2.3 powerpc
+ Debian Linux 2.3 alpha
+ Debian Linux 2.3
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ Progeny Debian 1.0
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i686
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ 550 4100R
+ Sun Cobalt RaQ XTR 3500R
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
+ Wirex Immunix OS 7.0 -Beta
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 6.2

- Unaffected software versions

Samba Samba 3.0.10
+ Slackware Linux 10.1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1

- Vulnerability discussion

A remotely exploitable integer-overflow vulnerability affects Samba's directory access control list (DACL) processing functionality. This issue is due to the application's failure to properly perform sanity checking on calculated data sizes before copying data into static process buffers.

An attacker with access to an SMB share may leverage this issue to overwrite the heap of the affected process, facilitating code execution with superuser privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released patches dealing with this issue. Please see the referenced advisories for more information.

Sun Microsystems has updated Alert ID 101643 (formerly 57730), detailing a final resolution to this issue.


Samba Samba 2.2.12

Samba Samba 2.2.3 a

Samba Samba 2.2.5

- Related references

 

 
