CVE-2006-3403
CVSS 5.0
Published: 2006-07-12 15:05:00
Last revised: 2013-08-02 01:11:00

[Original] The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of share connection requests.


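[CNNVD] Samba Excessive Share Connection Requests Denial of Service Vulnerability (CNNVD-200607-192)

         Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file sharing and print sharing services.
         Samba's implementation fails to handle an exceptional condition, and a remote attacker may exploit this vulnerability to carry out a denial-of-service attack against a Samba server.
         The smbd daemon maintains internal data structures that track active connections to file and print shares. Under certain circumstances, sending a large number of share connection requests to the smbd daemon causes the memory usage of the smbd process to grow continuously, resulting in a denial of service.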

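- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]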

- CPE (affected platforms and products)

cpe:/a:samba:samba:3.0.18  Samba 3.0.18
cpe:/a:samba:samba:3.0.9  Samba 3.0.9
cpe:/a:samba:samba:3.0.21  Samba 3.0.21
cpe:/a:samba:samba:3.0.20b  Samba 3.0.20b
cpe:/a:samba:samba:3.0.19  Samba 3.0.19
cpe:/a:samba:samba:3.0.20a  Samba 3.0.20a
cpe:/a:samba:samba:3.0.22  Samba 3.0.22
cpe:/a:samba:samba:3.0.14a  Samba 3.0.14a
cpe:/a:samba:samba:3.0.12  Samba 3.0.12
cpe:/a:samba:samba:3.0.21b  Samba 3.0.21b
cpe:/a:samba:samba:3.0.11  Samba 3.0.11
cpe:/a:samba:samba:3.0.21a  Samba 3.0.21a
cpe:/a:samba:samba:3.0.14  Samba 3.0.14
cpe:/a:samba:samba:3.0.13  Samba 3.0.13
cpe:/a:samba:samba:3.0.1  Samba 3.0.1
cpe:/a:samba:samba:3.0.21c  Samba 3.0.21c
cpe:/a:samba:samba:3.0.16  Samba 3.0.16
cpe:/a:samba:samba:3.0.15  Samba 3.0.15
cpe:/a:samba:samba:3.0.17  Samba 3.0.17
cpe:/a:samba:samba:3.0.6  Samba 3.0.6
cpe:/a:samba:samba:3.0.7  Samba 3.0.7
cpe:/a:samba:samba:3.0.8  Samba 3.0.8
cpe:/a:samba:samba:3.0.2  Samba 3.0.2
cpe:/a:samba:samba:3.0.3  Samba 3.0.3
cpe:/a:samba:samba:3.0.10  Samba 3.0.10
cpe:/a:samba:samba:3.0.4  Samba 3.0.4
cpe:/a:samba:samba:3.0.5  Samba 3.0.5

- OVAL (technical details for detection)

oval:org.mitre.oval:def:11355  The smbd daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3403
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-192
(Official data source) CNNVD

- Other links and resources

http://www.us-cert.gov/cas/techalerts/TA06-333A.html
(UNKNOWN)  CERT  TA06-333A
http://www.kb.cert.org/vuls/id/313836
(UNKNOWN)  CERT-VN  VU#313836
http://www.securityfocus.com/bid/18927
(PATCH)  BID  18927
http://www.samba.org/samba/security/CAN-2006-3403.html
(PATCH)  CONFIRM  http://www.samba.org/samba/security/CAN-2006-3403.html
http://secunia.com/advisories/20983
(VENDOR_ADVISORY)  SECUNIA  20983
http://secunia.com/advisories/20980
(VENDOR_ADVISORY)  SECUNIA  20980
http://www.vupen.com/english/advisories/2006/4750
(UNKNOWN)  VUPEN  ADV-2006-4750
http://www.vupen.com/english/advisories/2006/4502
(UNKNOWN)  VUPEN  ADV-2006-4502
http://www.vupen.com/english/advisories/2006/2745
(UNKNOWN)  VUPEN  ADV-2006-2745
http://www.securityfocus.com/archive/1/archive/1/448957/100/0/threaded
(UNKNOWN)  HP  HPSBUX02155
http://docs.info.apple.com/article.html?artnum=304829
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=304829
http://xforce.iss.net/xforce/xfdb/27648
(UNKNOWN)  XF  samba-smbd-connection-dos(27648)
http://www.vmware.com/download/esx/esx-213-200610-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-202-200610-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://www.ubuntu.com/usn/usn-314-1
(UNKNOWN)  UBUNTU  USN-314-1
http://www.securityfocus.com/archive/1/archive/1/451426/100/200/threaded
(UNKNOWN)  BUGTRAQ  20061113 VMSA-2006-0008 - VMware ESX Server 2.0.2 Upgrade Patch 2
http://www.securityfocus.com/archive/1/archive/1/451417/100/200/threaded
(UNKNOWN)  BUGTRAQ  20061113 VMSA-2006-0007 - VMware ESX Server 2.1.3 Upgrade Patch 2
http://www.securityfocus.com/archive/1/archive/1/451404/100/0/threaded
(UNKNOWN)  BUGTRAQ  20061113 VMSA-2006-0006 - VMware ESX Server 2.5.3 Upgrade Patch 4
http://www.securityfocus.com/archive/1/archive/1/448957/100/0/threaded
(UNKNOWN)  HP  SSRT061235
http://www.securityfocus.com/archive/1/archive/1/440836/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060721 Re: Samba Internal Data Structures DOS Vulnerability Exploit
http://www.securityfocus.com/archive/1/archive/1/440767/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060720 Samba Internal Data Structures DOS Vulnerability Exploit
http://www.securityfocus.com/archive/1/archive/1/439880/100/100/threaded
(UNKNOWN)  BUGTRAQ  20060711 rPSA-2006-0128-1 samba samba-swat
http://www.securityfocus.com/archive/1/archive/1/439875/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060710 Re: [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
http://www.securityfocus.com/archive/1/archive/1/439757/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060710 [ANNOUNCEMENT] Samba 3.0.1 - 3.0.22: memory exhaustion DoS against smbd
http://www.redhat.com/support/errata/RHSA-2006-0591.html
(UNKNOWN)  REDHAT  RHSA-2006:0591
http://www.novell.com/linux/security/advisories/2006_17_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:017
http://www.mandriva.com/security/advisories?name=MDKSA-2006:120
(UNKNOWN)  MANDRIVA  MDKSA-2006:120
http://www.debian.org/security/2006/dsa-1110
(UNKNOWN)  DEBIAN  DSA-1110
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.416876
(UNKNOWN)  SLACKWARE  SSA:2006-195
http://securitytracker.com/id?1016459
(UNKNOWN)  SECTRACK  1016459
http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
(UNKNOWN)  MISC  http://securitydot.net/xpl/exploits/vulnerabilities/articles/1175/exploit.html
http://security.gentoo.org/glsa/glsa-200607-10.xml
(UNKNOWN)  GENTOO  GLSA-200607-10
http://secunia.com/advisories/23155
(UNKNOWN)  SECUNIA  23155
http://secunia.com/advisories/22875
(UNKNOWN)  SECUNIA  22875
http://secunia.com/advisories/21262
(UNKNOWN)  SECUNIA  21262
http://secunia.com/advisories/21190
(UNKNOWN)  SECUNIA  21190
http://secunia.com/advisories/21187
(UNKNOWN)  SECUNIA  21187
http://secunia.com/advisories/21159
(UNKNOWN)  SECUNIA  21159
http://secunia.com/advisories/21143
(UNKNOWN)  SECUNIA  21143
http://secunia.com/advisories/21086
(UNKNOWN)  SECUNIA  21086
http://secunia.com/advisories/21046
(UNKNOWN)  SECUNIA  21046
http://secunia.com/advisories/21019
(UNKNOWN)  SECUNIA  21019
http://secunia.com/advisories/21018
(UNKNOWN)  SECUNIA  21018
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
(UNKNOWN)  APPLE  APPLE-SA-2006-11-28
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
(UNKNOWN)  SGI  20060703-01-P

- Vulnerability information

Samba Excessive Share Connection Requests Denial of Service Vulnerability
Medium severity; Other
2006-07-12 00:00:00 2006-07-13 00:00:00
Remote

- Advisories and patches

        The vendor has released upgrade patches that fix this security issue. Patch download links:
        Samba Samba 3.0.20b
        Samba samba-3.0-CAN-2006-3403.patch
        http://us2.samba.org/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch
        Turbolinux Turbolinux 10 F...
        Turbolinux samba-2.2.7a-15jaJP.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-2.2.7a-15jaJP.i586.rpm
        Turbolinux samba-devel-2.2.7a-15jaJP.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-devel-2.2.7a-15jaJP.i586.rpm
        Turbolinux smbfs-2.2.7a-15jaJP.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/smbfs-2.2.7a-15jaJP.i586.rpm
        Turbolinux Turbolinux FUJI
        Turbolinux samba-3.0.20a-6.i686.rpm
        Turbolinux FUJI
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux samba-devel-3.0.20a-6.i686.rpm
        Turbolinux FUJI
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux samba-python-3.0.20a-6.i686.rpm
        Turbolinux FUJI
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux smbfs-3.0.20a-6.i686.rpm
        Turbolinux FUJI
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Samba Samba 3.0.21a
        Samba samba-3.0-CAN-2006-3403.patch
        http://us2.samba.org/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch
        Samba Samba 3.0.21b
        Samba samba-3.0-CAN-2006-3403.patch
        http://us2.samba.org/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch
        Samba Samba 3.0.20a
        Samba samba-3.0-CAN-2006-3403.patch
        http://us2.samba.org/samba/ftp/patches/security/samba-3.0-CAN-2006-3403.patch
        TurboLinux Multimedia
        Turbolinux samba-2.2.7a-15jaJP.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-2.2.7a-15jaJP.i586.rpm
        Turbolinux samba-devel-2.2.7a-15jaJP.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/samba-devel-2.2.7a-15jaJP.i586.rpm
        Turbolinux smbfs-2.2.7a-15jaJP.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/smbfs-2.2.7a-15jaJP.i586.rpm
        Slackware Linux -current
        Slackware Updated package for Slackware -current:
        ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-3.0.23-i486-1.tgz
        Turbolinux Appliance Server 1.0 Workgroup Edition
        Turbolinux samba-2.2.7a-15jaJP.i586.rpm
        Turbolinux Appliance Server 1.0 Workgroup Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux samba-devel-2.2.7a-15jaJP.i586.rpm
        Turbolinux Appliance Server 1.0 Workgroup Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux smbfs-2.2.7a-15jaJP.i586.rpm
        Turbolinux Appliance Server 1.0 Workgroup Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux Turbolinux Server 10.0
        Turbolinux samba-3.0.6-17.i586.rpm
        Turbolinux 10 Server
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-3.0.6-17.i586.rpm
        Turbolinux samba-3.0.6-17.x86_64.rpm
        Turbolinux 10 Server x64 Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/samba-3.0.6-17.x86_64.rpm
        Turbolinux samba-debug-3.0.6-17.i586.rpm
        Turbolinux 10 Server
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/samba-debug-3.0.6-17.i586.rpm
        Turbolinux samba-debug-3.0.6-17.x86_64.rpm
        Turbolinux 10 Server x64 Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/x64/Server/10/updates/RPMS/samba-debug-3.0.6-17.x86_64.rpm
        Turbolinux samba-devel

- Vulnerability information (F52052)

VMware Security Advisory 2006-0008 (PacketStormID:F52052)
2006-11-14 00:00:00
VMware  vmware.com
advisory,vulnerability,python
CVE-2004-2069,CVE-2006-3403,CVE-2005-2177,CVE-2006-3467,CVE-2006-1056,CVE-2006-1342,CVE-2006-1343,CVE-2006-1864,CVE-2006-2071

VMware Security Advisory - A new update has been released for VMware ESX 2.0.2 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2006-0008
Synopsis:          VMware ESX Server 2.0.2 Upgrade Patch 2
Patch URL: http://www.vmware.com/download/esx/esx-202-200610-patch.html
Issue date:        2006-10-31
Updated on:        2006-11-13
CVE Names:         CAN-2004-2069 CVE-2006-3403 CVE-2005-2177
                   CVE-2006-3467 CVE-2006-1342 CVE-2006-1343
                   CVE-2006-1864 CVE-2006-2071
- - -------------------------------------------------------------------

1. Summary:

Updated package addresses several security issues.

2. Relevant releases:

VMware ESX 2.0.2 prior to upgrade patch 2

3. Problem description:

This patch addresses the following security issues:

Openssh -- A bug was found in the way the OpenSSH server handled the
MaxStartups and LoginGraceTime configuration variables. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CAN-2004-2069 to this issue.

samba -- A denial of service bug was found in the way the smbd daemon
tracks active connections to shares. It was possible for a remote
attacker to cause the smbd daemon to consume a large amount of system
memory by sending carefully crafted smb requests. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2006-3403 to this issue.

Python -- An integer overflow flaw was found in Python's PCRE library
that could be triggered by a maliciously crafted regular expression. On
systems that accept arbitrary regular expressions from untrusted users,
this could be exploited to execute arbitrary code with the privileges of
the application using the library. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-2491 to
this issue.

ucd-snmp -- A denial of service bug was found in the way ucd-snmp uses
network stream protocols. A remote attacker could send a ucd-snmp agent
a specially crafted packet which will cause the agent to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2005-2177 to this issue.

XFree86 -- An integer overflow flaw in the way the XFree86 server
processes PCF font files was discovered. A malicious authorized client
could exploit this issue to cause a denial of service (crash) or
potentially execute arbitrary code with root privileges on the XFree86
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-3467 to this issue.

A minor info leak in socket name handling in the network code
(CVE-2006-1342).
A minor info leak in socket option handling in the network code
(CVE-2006-1343).
A directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
sequences (CVE-2006-1864).
A flaw in the mprotect system call that allowed to give write permission
to a readonly attachment of shared memory (CVE-2006-2071).

NOTE: AMD processors were not supported in the VMware ESX 2.0.2 release
so CVE-2006-1056 is not applicable to this version of the product.

The non-security-related fixes are documented on the patch download page.

4. Solution:

Upgrade to the latest update package for your release of ESX.
http://www.vmware.com/download/esx/

http://www.vmware.com/download/esx/esx-202-200610-patch.html

The md5 checksum output should match the following:
9e79d333ac9360122fb69bc8fc549405 esx-2.0.2-31924-upgrade.tar.gz

5. References:
http://www.vmware.com/download/esx/esx-202-200610-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
http://www.vmware.com/products/esx/
http://www.vmware.com/download/esx/

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2006 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFWP5W6KjQhy2pPmkRCDVzAJ9O3O4zIUSmEW9i4NyvxKxd1xUMLwCfRrYT
PiCazE9ioHCf33AaY31k8mU=
=U+XZ
-----END PGP SIGNATURE-----
    

- Vulnerability information (F52051)

VMware Security Advisory 2006-0007 (PacketStormID:F52051)
2006-11-14 00:00:00
VMware  vmware.com
advisory,vulnerability,python
CVE-2004-2069,CVE-2006-3403,CVE-2005-2177,CVE-2006-3467,CVE-2006-1056,CVE-2006-1342,CVE-2006-1343,CVE-2006-1864,CVE-2006-2071

VMware Security Advisory - A new update has been released for VMware ESX 2.1.3 versions prior to upgrade patch 2. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2006-0007
Synopsis:          VMware ESX Server 2.1.3 Upgrade Patch 2
Patch URL: http://www.vmware.com/download/esx/esx-213-200610-patch.html
Issue date:        2006-10-31
Updated on:        2006-11-13
CVE Names:         CAN-2004-2069 CVE-2006-3403 CVE-2005-2177
                   CVE-2006-3467 CVE-2006-1056 CVE-2006-1342
                   CVE-2006-1343 CVE-2006-1864 CVE-2006-2071
- - -------------------------------------------------------------------

1. Summary:

Updated package addresses several security issues.

2. Relevant releases:

VMware ESX 2.1.3 prior to upgrade patch 2

3. Problem description:

This patch addresses the following security issues:

Openssh -- A bug was found in the way the OpenSSH server handled the
MaxStartups and LoginGraceTime configuration variables. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CAN-2004-2069 to this issue.

samba -- A denial of service bug was found in the way the smbd daemon
tracks active connections to shares. It was possible for a remote
attacker to cause the smbd daemon to consume a large amount of system
memory by sending carefully crafted smb requests. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2006-3403 to this issue.

Python -- An integer overflow flaw was found in Python's PCRE library
that could be triggered by a maliciously crafted regular expression. On
systems that accept arbitrary regular expressions from untrusted users,
this could be exploited to execute arbitrary code with the privileges of
the application using the library. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-2491 to
this issue.

ucd-snmp -- A denial of service bug was found in the way ucd-snmp uses
network stream protocols. A remote attacker could send a ucd-snmp agent
a specially crafted packet which will cause the agent to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2005-2177 to this issue.

XFree86 -- An integer overflow flaw in the way the XFree86 server
processes PCF font files was discovered. A malicious authorized client
could exploit this issue to cause a denial of service (crash) or
potentially execute arbitrary code with root privileges on the XFree86
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-3467 to this issue.

An AMD fxsave/restore security vulnerability. The instructions fxsave
and fxrstor on AMD CPUs are used to save or restore the FPU registers
(FOP, FIP and FDP). On AMD Opteron processors, these instructions do not
save/restore some exception related registers unless an exception is
currently being serviced. This could allow a local attacker to partially
monitor the execution path of FPU processes, possibly allowing them to
obtain sensitive information being passed through those processes.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2006-1056 to this issue.

A minor info leak in socket name handling in the network code
(CVE-2006-1342).
A minor info leak in socket option handling in the network code
(CVE-2006-1343).
A directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
sequences (CVE-2006-1864).
A flaw in the mprotect system call that allowed to give write permission
to a readonly attachment of shared memory (CVE-2006-2071).

The non-security-related fixes are documented on the patch download page.

4. Solution:

Upgrade to the latest update package for your release of ESX.
http://www.vmware.com/download/esx/

http://www.vmware.com/download/esx/esx-213-200610-patch.html

The md5 checksum output should match the following:
c7057896ee275ce28b0b94a2186c1232 esx-2.1.3-24171-upgrade.tar.gz

5. References:
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
http://www.vmware.com/products/esx/
http://www.vmware.com/download/esx/

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2006 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFWP5M6KjQhy2pPmkRCGbTAJ9a4PnHLWO6HwHQKzVPj1VI9V0dVQCdETxH
ISqiyTar1d433nMH9q/JvxA=
=cesx
-----END PGP SIGNATURE-----
    

- Vulnerability information (F52050)

VMware Security Advisory 2006-0006 (PacketStormID:F52050)
2006-11-14 00:00:00
VMware  vmware.com
advisory,vulnerability,python
CVE-2004-2069,CVE-2006-3403,CVE-2005-2177,CVE-2006-3467,CVE-2006-1056,CVE-2006-1342,CVE-2006-1343,CVE-2006-1864,CVE-2006-2071

VMware Security Advisory - A new update has been released for VMware ESX versions 2.5.3 prior to upgrade patch 4. This patch addresses vulnerabilities in Openssh, samba, Python, ucd-snmp, XFree86, and more.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2006-0006
Synopsis:          VMware ESX Server 2.5.3 Upgrade Patch 4
Patch URL: http://www.vmware.com/download/esx/esx-253-200610-patch.html
Issue date:        2006-10-31
Updated on:        2006-11-13
CVE Names:         CAN-2004-2069 CVE-2006-3403 CVE-2005-2177
                   CVE-2006-3467 CVE-2006-1056 CVE-2006-1342
                   CVE-2006-1343 CVE-2006-1864 CVE-2006-2071
- - -------------------------------------------------------------------

1. Summary:

Updated package addresses several security issues.

2. Relevant releases:

VMware ESX 2.5.3 prior to upgrade patch 4

3. Problem description:

This patch addresses the following security issues:

Openssh -- A bug was found in the way the OpenSSH server handled the
MaxStartups and LoginGraceTime configuration variables. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CAN-2004-2069 to this issue.

samba -- A denial of service bug was found in the way the smbd daemon
tracks active connections to shares. It was possible for a remote
attacker to cause the smbd daemon to consume a large amount of system
memory by sending carefully crafted smb requests. The Common
Vulnerabilities and Exposures project (cve.mitre.org) assigned the name
CVE-2006-3403 to this issue.

Python -- An integer overflow flaw was found in Python's PCRE library
that could be triggered by a maliciously crafted regular expression. On
systems that accept arbitrary regular expressions from untrusted users,
this could be exploited to execute arbitrary code with the privileges of
the application using the library. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the name CVE-2005-2491 to
this issue.

ucd-snmp -- A denial of service bug was found in the way ucd-snmp uses
network stream protocols. A remote attacker could send a ucd-snmp agent
a specially crafted packet which will cause the agent to crash. The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CAN-2005-2177 to this issue.

XFree86 -- An integer overflow flaw in the way the XFree86 server
processes PCF font files was discovered. A malicious authorized client
could exploit this issue to cause a denial of service (crash) or
potentially execute arbitrary code with root privileges on the XFree86
server. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CVE-2006-3467 to this issue.

An AMD fxsave/restore security vulnerability. The instructions fxsave
and fxrstor on AMD CPUs are used to save or restore the FPU registers
(FOP, FIP and FDP). On AMD Opteron processors, these instructions do not
save/restore some exception related registers unless an exception is
currently being serviced. This could allow a local attacker to partially
monitor the execution path of FPU processes, possibly allowing them to
obtain sensitive information being passed through those processes.  The
Common Vulnerabilities and Exposures project (cve.mitre.org) assigned
the name CVE-2006-1056 to this issue.

A minor info leak in socket name handling in the network code
(CVE-2006-1342).
A minor info leak in socket option handling in the network code
(CVE-2006-1343).
A directory traversal vulnerability in smbfs that allowed a local user
to escape chroot restrictions for an SMB-mounted filesystem via "..\\"
sequences (CVE-2006-1864).
A flaw in the mprotect system call that allowed to give write permission
to a readonly attachment of shared memory (CVE-2006-2071).

The non-security-related fixes are documented on the patch download page.

4. Solution:

Upgrade to the latest update package for your release of ESX.
http://www.vmware.com/download/esx/

http://www.vmware.com/download/esx/esx-253-200610-patch.html

The md5 checksum output should match the following:
4852f5a00e29b5780d9d0fadc0d28f3e esx-2.5.3-32134-upgrade.tar.gz

Please DO NOT apply this patch on SunFire X4100 or X4200 servers.
For further details, please refer to knowledge base article 2085:
Installing ESX 2.5.3 on SunFire x4100 and x4200 Servers.
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2085

5. References:
http://www.vmware.com/download/esx/esx-253-200610-patch.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2177
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3467
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2071
http://www.vmware.com/products/esx/
http://www.vmware.com/download/esx/

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2006 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFFWP476KjQhy2pPmkRCD9rAKC9xQ9ej+t23opBsZn5BY6w736lmQCfQ9WA
5PuJxKgAYF2RTeQoXM7lr1I=
=miw3
-----END PGP SIGNATURE-----
    

- Vulnerability information (F48232)

Ubuntu Security Notice 314-1 (PacketStormID:F48232)
2006-07-13 00:00:00
Ubuntu  security.ubuntu.com
advisory,remote,denial of service
linux,ubuntu
CVE-2006-3403

Ubuntu Security Notice 314-1 - The Samba security team reported a Denial of Service vulnerability in the handling of information about active connections. In certain circumstances an attacker could continually increase the memory usage of the smbd process by issuing a large number of share connection requests. By draining all available memory, this could be exploited to render the remote Samba server unusable.

=========================================================== 
Ubuntu Security Notice USN-314-1              July 12, 2006
samba vulnerability
CVE-2006-3403
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  samba                                    3.0.10-1ubuntu3.1

Ubuntu 5.10:
  samba                                    3.0.14a-6ubuntu1.1

Ubuntu 6.06 LTS:
  samba                                    3.0.22-1ubuntu3.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

The Samba security team reported a Denial of Service vulnerability in
the handling of information about active connections. In certain
circumstances an attacker could continually increase the memory usage
of the smbd process by issuing a large number of share connection
requests. By draining all available memory, this could be exploited to
render the remote Samba server unusable.


Updated packages for Ubuntu 5.04:

Updated packages for Ubuntu 5.10:

Updated packages for Ubuntu 6.06 LTS:

- Vulnerability Information (F48180)

Mandriva Linux Security Advisory 2006.120 (PacketStormID:F48180)
2006-07-12 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2006-3403

Mandriva Linux Security Advisory MDKSA-2006-120 - A vulnerability in samba 3.0.x was discovered where an attacker could cause a single smbd process to bloat, exhausting memory on the system. This bug is caused by continually increasing the size of an array which maintains state information about the number of active share connections.

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:120
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : samba
 Date    : July 10, 2006
 Affected: 10.2, 2006.0, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 A vulnerability in samba 3.0.x was discovered where an attacker could
 cause a single smbd process to bloat, exhausting memory on the system.
 This bug is caused by continually increasing the size of an array which
 maintains state information about the number of active share
 connections.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3403
 http://www.samba.org/samba/security/CAN-2006-3403.html
 _______________________________________________________________________
 
 Updated Packages:
 
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- Vulnerability Information

27130
Samba smdb Share Connection Saturation DoS
Remote / Network Access Denial of Service
Loss of Availability Upgrade
Vendor Verified

- Vulnerability Description

Unknown or Incomplete

- Timeline

2006-07-10 Unknown
2006-07-10 Unknown

- Solution

Upgrade to version 3.0.23 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Samba Internal Data Structures Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 18927
Yes No
2006-07-10 12:00:00 2007-01-16 10:40:00
These issues were disclosed by the vendor.

- Affected Versions

VMWare ESX Server 2.5.4
VMWare ESX Server 2.5.3
VMWare ESX Server 2.1.3
VMWare ESX Server 2.0.2
Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0 x86
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
TurboLinux Personal
TurboLinux Multimedia
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
Turbolinux Appliance Server 2.0
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
TransSoft Broker FTP Server 8.0
TransSoft Broker FTP Server 7.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux -current
SGI ProPack 3.0 SP6
Samba Samba 3.0.22
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21
Samba Samba 3.0.20
+ Slackware Linux 10.2
Samba Samba 3.0.14
Samba Samba 3.0.13
Samba Samba 3.0.12
Samba Samba 3.0.11
Samba Samba 3.0.10
+ Slackware Linux 10.1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
Samba Samba 3.0.9
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 9.1
Samba Samba 3.0.8
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.5
Samba Samba 3.0.4 -r1
Samba Samba 3.0.4
+ OpenPKG OpenPKG 2.1
+ S.u.S.E. Linux Personal 9.1
+ Slackware Linux 10.0
Samba Samba 3.0.3
Samba Samba 3.0.2 a
Samba Samba 3.0.2
Samba Samba 3.0.1
Samba Samba 3.0.21c
Samba Samba 3.0.21b
Samba Samba 3.0.21a
Samba Samba 3.0.20b
Samba Samba 3.0.20a
Samba Samba 3.0.14a
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
rPath rPath Linux 1
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Avaya Messaging Storage Server MM3.0
Avaya Integrated Management
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.3.9

- Unaffected Versions

VMWare ESX Server 2.5.4 Patch 1
VMWare ESX Server 2.5.3 Patch 4
VMWare ESX Server 2.1.3 Patch 2
VMWare ESX Server 2.0.2 Patch 2
Avaya Message Networking
Avaya Interactive Response
Avaya CVLAN

- Discussion

The smbd daemon is prone to a denial-of-service vulnerability.

An attacker can exploit this issue to consume excessive memory resources, ultimately crashing the affected application.

This issue affects Samba versions 3.0.1 through 3.0.22 inclusive.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released a patch to address this issue.

Please see the referenced advisories for more information.


Samba Samba 3.0.20b

Turbolinux Turbolinux 10 F...

Turbolinux Turbolinux FUJI

Samba Samba 3.0.21a

Samba Samba 3.0.21b

Samba Samba 3.0.20a

TurboLinux Multimedia

Slackware Linux -current

Turbolinux Appliance Server 1.0 Workgroup Edition

Turbolinux Turbolinux Server 10.0

Turbolinux Turbolinux Desktop 10.0

Slackware Linux 10.1

Samba Samba 3.0.10

Samba Samba 3.0.11

Samba Samba 3.0.12

Samba Samba 3.0.14

Samba Samba 3.0.2 a

Samba Samba 3.0.20

Samba Samba 3.0.22

Samba Samba 3.0.4 -r1

Samba Samba 3.0.4

Samba Samba 3.0.5

Samba Samba 3.0.6

Samba Samba 3.0.7

Samba Samba 3.0.9

TransSoft Broker FTP Server 8.0

- References

 

 
