CVE-2007-0454
CVSS7.5
发布时间 :2007-02-05 21:28:00
修订时间 :2011-03-07 00:00:00
NMCOPS    

[原文]Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.


[CNNVD]Samba服务器VFS插件afsacl.so远程格式串处理漏洞(CNNVD-200702-061)

        Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
        Samba的VFS插件afsacl.so库在处理文件名时存在格式串漏洞,攻击者可能利用此漏洞诱使用户处理恶意的VFS分区控制服务器。
        Samba在调用snprintf()时将磁盘上所储存的文件名用作了格式串,如果用户能够写入的共享使用Samba的afsacl.so库对AFS文件系统上的文件设置Windows NT访问控制列表的话,就可能通过文件名中的格式串标识符导致执行任意代码。
        这个漏洞仅影响与CIFS共享了AFS文件系统并在smb.conf中明确要求加载afsacl.so VFS模块的Samba服务器。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-134 []

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.1::ia-64
cpe:/a:samba:samba:3.0.6Samba 3.0.6
cpe:/o:debian:debian_linux:3.0::mips
cpe:/a:samba:samba:3.0.21cSamba 3.0.21c
cpe:/o:debian:debian_linux:3.1::s-390
cpe:/o:mandrakesoft:mandrake_linux:2006MandrakeSoft Mandrake Linux 2006.0
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:debian:debian_linux:3.1::mipsel
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/a:samba:samba:3.0.11Samba 3.0.11
cpe:/o:mandrakesoft:mandrake_linux:2006::x86_64
cpe:/a:samba:samba:3.0.8Samba 3.0.8
cpe:/a:samba:samba:3.0.23dSamba 3.0.23d
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.1::hppa
cpe:/o:debian:debian_linux:3.1::m68k
cpe:/a:samba:samba:3.0.21Samba 3.0.21
cpe:/a:samba:samba:3.0.14aSamba 3.0.14a
cpe:/a:samba:samba:3.0.9Samba 3.0.9
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/a:samba:samba:3.0.21aSamba 3.0.21a
cpe:/o:debian:debian_linux:3.1::alpha
cpe:/o:mandrakesoft:mandrake_linuxsoft_2007:::x86_64
cpe:/a:samba:samba:3.0.22Samba 3.0.22
cpe:/a:samba:samba:3.0.13Samba 3.0.13
cpe:/o:debian:debian_linux:3.1::arm
cpe:/a:samba:samba:3.0.10Samba 3.0.10
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0MandrakeSoft Mandrake Corporate Server 4.0
cpe:/o:debian:debian_linux:3.1::sparc
cpe:/a:samba:samba:3.0.12Samba 3.0.12
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.1::ppc
cpe:/o:mandrakesoft:mandrake_linuxsoft_2007MandrakeSoft Mandrake LinuxSoft 2007.0
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.1::mips
cpe:/a:samba:samba:3.0.7Samba 3.0.7
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64
cpe:/o:debian:debian_linux:3.0Debian Debian Linux 3.0
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64
cpe:/a:samba:samba:3.0.14Samba 3.0.14
cpe:/a:samba:samba:3.0.20Samba 3.0.20
cpe:/a:samba:samba:3.0.20bSamba 3.0.20b
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/a:samba:samba:3.0.20aSamba 3.0.20a
cpe:/o:debian:debian_linux:3.1Debian Debian Linux 3.1
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0MandrakeSoft Mandrake Corporate Server 3.0
cpe:/o:debian:debian_linux:3.1::amd64
cpe:/o:debian:debian_linux:3.1::ia-32
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/a:samba:samba:3.0.21bSamba 3.0.21b

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0454
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200702-061
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/649732
(UNKNOWN)  CERT-VN  VU#649732
http://www.securityfocus.com/bid/22403
(PATCH)  BID  22403
https://issues.rpath.com/browse/RPL-1005
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-1005
http://xforce.iss.net/xforce/xfdb/32304
(UNKNOWN)  XF  samba-afsacl-format-string(32304)
http://www.vupen.com/english/advisories/2007/0483
(VENDOR_ADVISORY)  VUPEN  ADV-2007-0483
http://www.ubuntu.com/usn/usn-419-1
(UNKNOWN)  UBUNTU  USN-419-1
http://www.trustix.org/errata/2007/0007
(UNKNOWN)  TRUSTIX  2007-0007
http://www.securityfocus.com/archive/1/archive/1/459365/100/0/threaded
(UNKNOWN)  BUGTRAQ  20070207 rPSA-2007-0026-1 samba samba-swat
http://www.securityfocus.com/archive/1/archive/1/459179/100/0/threaded
(UNKNOWN)  BUGTRAQ  20070205 [SAMBA-SECURITY] CVE-2007-0454: Format string bug in afsacl.so VFS plugin
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.012.html
(UNKNOWN)  OPENPKG  OpenPKG-SA-2007.012
http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
(UNKNOWN)  MANDRIVA  MDKSA-2007:034
http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
(UNKNOWN)  GENTOO  GLSA-200702-01
http://www.debian.org/security/2007/dsa-1257
(UNKNOWN)  DEBIAN  DSA-1257
http://us1.samba.org/samba/security/CVE-2007-0454.html
(UNKNOWN)  CONFIRM  http://us1.samba.org/samba/security/CVE-2007-0454.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
(UNKNOWN)  SLACKWARE  SSA:2007-038-01
http://securitytracker.com/id?1017588
(UNKNOWN)  SECTRACK  1017588
http://secunia.com/advisories/24151
(VENDOR_ADVISORY)  SECUNIA  24151
http://secunia.com/advisories/24145
(VENDOR_ADVISORY)  SECUNIA  24145
http://secunia.com/advisories/24101
(VENDOR_ADVISORY)  SECUNIA  24101
http://secunia.com/advisories/24067
(VENDOR_ADVISORY)  SECUNIA  24067
http://secunia.com/advisories/24060
(VENDOR_ADVISORY)  SECUNIA  24060
http://secunia.com/advisories/24046
(VENDOR_ADVISORY)  SECUNIA  24046
http://secunia.com/advisories/24021
(VENDOR_ADVISORY)  SECUNIA  24021
http://osvdb.org/33101
(UNKNOWN)  OSVDB  33101

- 漏洞信息

Samba服务器VFS插件afsacl.so远程格式串处理漏洞
高危 格式化字符串
2007-02-05 00:00:00 2007-08-03 00:00:00
远程  
        Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
        Samba的VFS插件afsacl.so库在处理文件名时存在格式串漏洞,攻击者可能利用此漏洞诱使用户处理恶意的VFS分区控制服务器。
        Samba在调用snprintf()时将磁盘上所储存的文件名用作了格式串,如果用户能够写入的共享使用Samba的afsacl.so库对AFS文件系统上的文件设置Windows NT访问控制列表的话,就可能通过文件名中的格式串标识符导致执行任意代码。
        这个漏洞仅影响与CIFS共享了AFS文件系统并在smb.conf中明确要求加载afsacl.so VFS模块的Samba服务器。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Samba Samba 3.0.21a
        Samba samba-3.0.23d-CVE-2007-0454.patch
        http://samba.org/samba/ftp/patches/security/samba-3.0.23d-CVE-2007-045 4.patch
        Samba Samba 3.0.14a
        Debian libpam-smbpass_3.0.14a-3sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_i386.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_ia64.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_m68k.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_mips.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_mipsel.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_powerpc.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_s390.deb
        Debian libpam-smbpass_3.0.14a-3sarge4_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3. 0.14a-3sarge4_sparc.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_i386.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_ia64.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_m68k.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_mips.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_mipsel.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_powerpc.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_s390.deb
        Debian libsmbclient-dev_3.0.14a-3sarge4_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_ 3.0.14a-3sarge4_sparc.deb
        Debian libsmbclient_3.0.14a-3sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_i386.deb
        Debian libsmbclient_3.0.14a-3sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_ia64.deb
        Debian libsmbclient_3.0.14a-3sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_m68k.deb
        Debian libsmbclient_3.0.14a-3sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_mips.deb
        Debian libsmbclient_3.0.14a-3sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_mipsel.deb
        Debian libsmbclient_3.0.14a-3sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_powerpc.deb
        Debian libsmbclient_3.0.14a-3sarge4_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_s390.deb
        Debian libsmbclient_3.0.14a-3sarge4_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0. 14a-3sarge4_sparc.deb
        Debian python2.3-samba_3.0.14a-3sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_i386.deb
        Debian python2.3-samba_3.0.14a-3sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_ia64.deb
        Debian python2.3-samba_3.0.14a-3sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_m68k.deb
        Debian python2.3-samba_3.0.14a-3sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_mips.deb
        Debian python2.3-samba_3.0.14a-3sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_mipsel.deb
        Debian python2.3-samba_3.0.14a-3sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_powerpc.deb
        Debian python2.3-samba_3.0.14a-3sarge4_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_s390.deb
        Debian python2.3-samba_3.0.14a-3sarge4_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3 .0.14a-3sarge4_sparc.deb
        Debian samba-common_3.0.14a-3sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_i386.deb
        Debian samba-common_3.0.14a-3sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_ia64.deb
        Debian samba-common_3.0.14a-3sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_m68k.deb
        Debian samba-common_3.0.14a-3sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_mips.deb
        Debian samba-common_3.0.14a-3sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_mipsel.deb
        Debian samba-common_3.0.14a-3sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_powerpc.deb
        Debian samba-common_3.0.14a-3sarge4_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_s390.deb
        Debian samba-common_3.0.14a-3sarge4_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0. 14a-3sarge4_sparc.deb
        Debian samba-dbg_3.0.14a-3sarge4_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a -3sarge4_i386.deb
        Debian samba-dbg_3.0.14a-3sarge4_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a -3sarge4_ia64.deb
        Debian samba-dbg_3.0.14a-3sarge4_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a -3sarge4_m68k.deb
        Debian samba-dbg_3.0.14a-3sarge4_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a -3sarge4_mips.deb
        Debian samba-dbg_3.0.14a-3sarge4_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a -3sarge4_mipsel.deb
        Debian samba-dbg_3.0.14a-3sarge4_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a -3sarge4_powerpc.deb
        Deb

- 漏洞信息 (F54216)

Mandriva Linux Security Advisory 2007.034 (PacketStormID:F54216)
2007-02-06 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2007-0452,CVE-2007-0454
[点击下载]

Mandriva Linux Security Advisory - A logic error in the deferred open code for smbd may allow an authenticated user to exhaust resources such as memory and CPU on the server by opening multiple CIFS sessions, each of which will normally spawn a new smbd process, and sending each connection into an infinite loop. The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:034
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : samba
 Date    : February 5, 2007
 Affected: 2006.0, 2007.0, Corporate 3.0, Corporate 4.0
 _______________________________________________________________________
 
 Problem Description:
 
 A logic error in the deferred open code for smbd may allow an
 authenticated user to exhaust resources such as memory and CPU on the
 server by opening multiple CIFS sessions, each of which will normally
 spawn a new smbd process, and sending each connection into an infinite
 loop. (CVE-2007-0452)

 The name of a file on the server's share is used as the format string
 when setting an NT security descriptor through the afsacl.so VFS
 plugin. (CVE-2007-0454)

 Updated packages have been patched to address these issues.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0452
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0454
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 1b530594d9d6bf0a0a4b974d9c61fb94  2006.0/i586/libsmbclient0-3.0.20-3.2.20060mdk.i586.rpm
 12a3694d0ecfe2c7327393e88da54806  2006.0/i586/libsmbclient0-devel-3.0.20-3.2.20060mdk.i586.rpm
 9847f27829d38428d9e7b8b14f97de49  2006.0/i586/libsmbclient0-static-devel-3.0.20-3.2.20060mdk.i586.rpm
 31fa2a33fbd83b5db9d04210104e7360  2006.0/i586/mount-cifs-3.0.20-3.2.20060mdk.i586.rpm
 8463d92295c0834802f9548fe4942a9b  2006.0/i586/nss_wins-3.0.20-3.2.20060mdk.i586.rpm
 efbce43af5682f5ac8b09c21bb44dd1b  2006.0/i586/samba-client-3.0.20-3.2.20060mdk.i586.rpm
 1b4216e9f7cb33ff0d83f6f6154932cb  2006.0/i586/samba-common-3.0.20-3.2.20060mdk.i586.rpm
 76659405c7b4ac3d2bf9aba245637d64  2006.0/i586/samba-doc-3.0.20-3.2.20060mdk.i586.rpm
 968284cf40359ff00ad3011fb2eb9746  2006.0/i586/samba-passdb-mysql-3.0.20-3.2.20060mdk.i586.rpm
 22b8c6f6df2e334689fb075ce50249f7  2006.0/i586/samba-passdb-pgsql-3.0.20-3.2.20060mdk.i586.rpm
 bf5433f0ebfa4316ed12344f29d65bb2  2006.0/i586/samba-passdb-xml-3.0.20-3.2.20060mdk.i586.rpm
 d1c79404fafd39db117e3f03852d8f98  2006.0/i586/samba-server-3.0.20-3.2.20060mdk.i586.rpm
 f8e0c598ebee64f19e22758f73eeaede  2006.0/i586/samba-smbldap-tools-3.0.20-3.2.20060mdk.i586.rpm
 5a1f9acb75709a958a87de121ffee236  2006.0/i586/samba-swat-3.0.20-3.2.20060mdk.i586.rpm
 e9b0e4aa373e3d37c520447366f56710  2006.0/i586/samba-vscan-clamav-3.0.20-3.2.20060mdk.i586.rpm
 1edc664ebced1683a7a62eb7d60bc341  2006.0/i586/samba-vscan-icap-3.0.20-3.2.20060mdk.i586.rpm
 1c74716b5b8d2605f2c497720831d180  2006.0/i586/samba-winbind-3.0.20-3.2.20060mdk.i586.rpm 
 c35b130dac78cd9f892351a670d903a4  2006.0/SRPMS/samba-3.0.20-3.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 d0303faed0767e3874b138662049ae88  2006.0/x86_64/lib64smbclient0-3.0.20-3.2.20060mdk.x86_64.rpm
 05cbbaa507003fbed1f789fd92539350  2006.0/x86_64/lib64smbclient0-devel-3.0.20-3.2.20060mdk.x86_64.rpm
 a65750a7b2485c3fa00d2286d299b0ba  2006.0/x86_64/lib64smbclient0-static-devel-3.0.20-3.2.20060mdk.x86_64.rpm
 663b53e302dc2db8015b8206e79e4a28  2006.0/x86_64/mount-cifs-3.0.20-3.2.20060mdk.x86_64.rpm
 da521e66365c906bf8dbaf1a311fffde  2006.0/x86_64/nss_wins-3.0.20-3.2.20060mdk.x86_64.rpm
 b87484e5a5dff12619b4ac148adb9dc8  2006.0/x86_64/samba-client-3.0.20-3.2.20060mdk.x86_64.rpm
 6bc67acab757d473aafdd75f4bfe89da  2006.0/x86_64/samba-common-3.0.20-3.2.20060mdk.x86_64.rpm
 9ff68bbba6e53f65850910fd90002a02  2006.0/x86_64/samba-doc-3.0.20-3.2.20060mdk.x86_64.rpm
 fb0ebdc18bb7a8dbf975847b83c67351  2006.0/x86_64/samba-passdb-mysql-3.0.20-3.2.20060mdk.x86_64.rpm
 d936bd945847eee84cff46bb06bafde7  2006.0/x86_64/samba-passdb-pgsql-3.0.20-3.2.20060mdk.x86_64.rpm
 168d8d337225b41db957b4331324d7d5  2006.0/x86_64/samba-passdb-xml-3.0.20-3.2.20060mdk.x86_64.rpm
 03de0ab9fa0c7441cf0e232bc5af5f4b  2006.0/x86_64/samba-server-3.0.20-3.2.20060mdk.x86_64.rpm
 94147f52697abed4711b56004bae7488  2006.0/x86_64/samba-smbldap-tools-3.0.20-3.2.20060mdk.x86_64.rpm
 caf8a9f3f9345ce6d736332201bd89dd  2006.0/x86_64/samba-swat-3.0.20-3.2.20060mdk.x86_64.rpm
 a1b625278ce98c6f9d156b98e0164768  2006.0/x86_64/samba-vscan-clamav-3.0.20-3.2.20060mdk.x86_64.rpm
 070d34b18cd6fb5ff0728b7ae313fb38  2006.0/x86_64/samba-vscan-icap-3.0.20-3.2.20060mdk.x86_64.rpm
 3a6c127079aa9a99aa5d6672d47876af  2006.0/x86_64/samba-winbind-3.0.20-3.2.20060mdk.x86_64.rpm 
 c35b130dac78cd9f892351a670d903a4  2006.0/SRPMS/samba-3.0.20-3.2.20060mdk.src.rpm

 Mandriva Linux 2007.0:
 49698f756c0e8d91276578a62f4ba093  2007.0/i586/libsmbclient0-3.0.23d-2.1mdv2007.0.i586.rpm
 e9c2b7a0d7ad877bf4addaee8ddd6636  2007.0/i586/libsmbclient0-devel-3.0.23d-2.1mdv2007.0.i586.rpm
 dc8d339ca3fe1aa627ccc5a3b9af6120  2007.0/i586/libsmbclient0-static-devel-3.0.23d-2.1mdv2007.0.i586.rpm
 8f16457913266d4d1ad6234e4b5b8097  2007.0/i586/mount-cifs-3.0.23d-2.1mdv2007.0.i586.rpm
 fffe690992e8f0efff9409a236754c47  2007.0/i586/nss_wins-3.0.23d-2.1mdv2007.0.i586.rpm
 0c145a6a8036d7752c47cff748531f5e  2007.0/i586/samba-client-3.0.23d-2.1mdv2007.0.i586.rpm
 220ad409561a8240c342cd3195eb2cf0  2007.0/i586/samba-common-3.0.23d-2.1mdv2007.0.i586.rpm
 af80bc7435e7cae23712c87c9598372c  2007.0/i586/samba-doc-3.0.23d-2.1mdv2007.0.i586.rpm
 b6ffd2bc4c8630be79e0a696afdba613  2007.0/i586/samba-server-3.0.23d-2.1mdv2007.0.i586.rpm
 e6c4ded117afebe41c604044312b8e3d  2007.0/i586/samba-smbldap-tools-3.0.23d-2.1mdv2007.0.i586.rpm
 7447a6e3aae0e624538baf67ea9fb0be  2007.0/i586/samba-swat-3.0.23d-2.1mdv2007.0.i586.rpm
 53078072767f7c4beb0051ef7d2396f4  2007.0/i586/samba-vscan-clamav-3.0.23d-2.1mdv2007.0.i586.rpm
 310d1781c1e074427e12a8adce89080f  2007.0/i586/samba-vscan-icap-3.0.23d-2.1mdv2007.0.i586.rpm
 2234b0c5bbfeb3761c04a2e20f4c2011  2007.0/i586/samba-winbind-3.0.23d-2.1mdv2007.0.i586.rpm 
 2c100ee062786455b7a1361162681d3f  2007.0/SRPMS/samba-3.0.23d-2.1mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 57cfbe3fcab432986388a671e87ae633  2007.0/x86_64/lib64smbclient0-3.0.23d-2.1mdv2007.0.x86_64.rpm
 fe197b55117f98233e88830d02a2e27e  2007.0/x86_64/lib64smbclient0-devel-3.0.23d-2.1mdv2007.0.x86_64.rpm
 4ab42f1b496d18a8c5b0ea4a2227d183  2007.0/x86_64/lib64smbclient0-static-devel-3.0.23d-2.1mdv2007.0.x86_64.rpm
 f08f01a9f665aa725b2ddb57c9c404b2  2007.0/x86_64/mount-cifs-3.0.23d-2.1mdv2007.0.x86_64.rpm
 c80cf80b0b384089ec24851b7f8ab953  2007.0/x86_64/nss_wins-3.0.23d-2.1mdv2007.0.x86_64.rpm
 4d0b197fc5911e869169bba817370628  2007.0/x86_64/samba-client-3.0.23d-2.1mdv2007.0.x86_64.rpm
 4d014bfb3df5abf0b989e28b38b53dd8  2007.0/x86_64/samba-common-3.0.23d-2.1mdv2007.0.x86_64.rpm
 700af04adb31ca38f48d685d3faf8c9b  2007.0/x86_64/samba-doc-3.0.23d-2.1mdv2007.0.x86_64.rpm
 42a00b49ff9d9d2dcf79b87fc0071949  2007.0/x86_64/samba-server-3.0.23d-2.1mdv2007.0.x86_64.rpm
 6dc3f75fa24fa3cad10b26992337681d  2007.0/x86_64/samba-smbldap-tools-3.0.23d-2.1mdv2007.0.x86_64.rpm
 7c30e5c6510dfb250ec281555b0345f3  2007.0/x86_64/samba-swat-3.0.23d-2.1mdv2007.0.x86_64.rpm
 6ac32a1dccc2ef25cbc442b80dfa510e  2007.0/x86_64/samba-vscan-clamav-3.0.23d-2.1mdv2007.0.x86_64.rpm
 0a5489da53535cb7bced9f0209b31b7e  2007.0/x86_64/samba-vscan-icap-3.0.23d-2.1mdv2007.0.x86_64.rpm
 f81cbb3c33aa275e7d1abe6bee28b09f  2007.0/x86_64/samba-winbind-3.0.23d-2.1mdv2007.0.x86_64.rpm 
 2c100ee062786455b7a1361162681d3f  2007.0/SRPMS/samba-3.0.23d-2.1mdv2007.0.src.rpm

 Corporate 3.0:
 610b01ff319a2f0b6a435811eeff0810  corporate/3.0/i586/libsmbclient0-3.0.14a-6.3.C30mdk.i586.rpm
 e1e761203cba95358a772f7b14c8dd02  corporate/3.0/i586/libsmbclient0-devel-3.0.14a-6.3.C30mdk.i586.rpm
 853268794641fd454d61a2d75ba27a55  corporate/3.0/i586/libsmbclient0-static-devel-3.0.14a-6.3.C30mdk.i586.rpm
 5e3b18bb84992632a6bd98b45b61b2a4  corporate/3.0/i586/mount-cifs-3.0.14a-6.3.C30mdk.i586.rpm
 29a5dc872780c62c92293f8557cb0515  corporate/3.0/i586/nss_wins-3.0.14a-6.3.C30mdk.i586.rpm
 224ed9dbcaa24257cabafa07cbad1e4f  corporate/3.0/i586/samba-client-3.0.14a-6.3.C30mdk.i586.rpm
 3b7261b03c35cd1f64e5250b83c16c36  corporate/3.0/i586/samba-common-3.0.14a-6.3.C30mdk.i586.rpm
 ec528554436ea44803e614f8d8198804  corporate/3.0/i586/samba-doc-3.0.14a-6.3.C30mdk.i586.rpm
 02d548942ae7b8f1477d191c7945ac85  corporate/3.0/i586/samba-passdb-xml-3.0.14a-6.3.C30mdk.i586.rpm
 3aeacb6baa110c6b16e636cd7239a4f7  corporate/3.0/i586/samba-server-3.0.14a-6.3.C30mdk.i586.rpm
 1936e0d6ad8d44b3c403760c5e1e0c2d  corporate/3.0/i586/samba-smbldap-tools-3.0.14a-6.3.C30mdk.i586.rpm
 a40e08ccaa1008fbfd2f5cb198e93a3c  corporate/3.0/i586/samba-swat-3.0.14a-6.3.C30mdk.i586.rpm
 74c4648589e24ac92019d38676f0b812  corporate/3.0/i586/samba-vscan-antivir-3.0.14a-6.3.C30mdk.i586.rpm
 0420e9b8cbb2d3c0a13bdd991a05c25c  corporate/3.0/i586/samba-vscan-clamav-3.0.14a-6.3.C30mdk.i586.rpm
 0e518474736a101e37d882ca14a911e9  corporate/3.0/i586/samba-vscan-icap-3.0.14a-6.3.C30mdk.i586.rpm
 c8d42c7388172eec532773dd86bc0ebf  corporate/3.0/i586/samba-winbind-3.0.14a-6.3.C30mdk.i586.rpm 
 44944ce7e8faf04cf5b9d1449a2b9968  corporate/3.0/SRPMS/samba-3.0.14a-6.3.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 74209324f42f33ba9559049c66f824e6  corporate/3.0/x86_64/lib64smbclient0-3.0.14a-6.3.C30mdk.x86_64.rpm
 6c909366a745c160ed5f8f79c2eafe14  corporate/3.0/x86_64/lib64smbclient0-devel-3.0.14a-6.3.C30mdk.x86_64.rpm
 b6393599a6efd9031acddbe7b40e7446  corporate/3.0/x86_64/lib64smbclient0-static-devel-3.0.14a-6.3.C30mdk.x86_64.rpm
 16e3b13b4af3c1dada19e106091de1de  corporate/3.0/x86_64/mount-cifs-3.0.14a-6.3.C30mdk.x86_64.rpm
 ccc3bc4b4bbe931b033815fc2afecddc  corporate/3.0/x86_64/nss_wins-3.0.14a-6.3.C30mdk.x86_64.rpm
 226413881d7655a30ced554008706764  corporate/3.0/x86_64/samba-client-3.0.14a-6.3.C30mdk.x86_64.rpm
 290a302ca0d4cc1324b3a9e4ce521f0c  corporate/3.0/x86_64/samba-common-3.0.14a-6.3.C30mdk.x86_64.rpm
 b56f3bd2ed4f73b6dce3064a1c8c9bd6  corporate/3.0/x86_64/samba-doc-3.0.14a-6.3.C30mdk.x86_64.rpm
 03a81c23ed8795a336acfff4b426b975  corporate/3.0/x86_64/samba-passdb-xml-3.0.14a-6.3.C30mdk.x86_64.rpm
 6e32f57c9b8155d67b8e0b24f5cf757f  corporate/3.0/x86_64/samba-server-3.0.14a-6.3.C30mdk.x86_64.rpm
 e7d0698646616d523d6be49f13f1a9b4  corporate/3.0/x86_64/samba-smbldap-tools-3.0.14a-6.3.C30mdk.x86_64.rpm
 723273e8ff901a208f00b46df25bab57  corporate/3.0/x86_64/samba-swat-3.0.14a-6.3.C30mdk.x86_64.rpm
 653910baabf7ee0ad7fbea925f7a1747  corporate/3.0/x86_64/samba-vscan-antivir-3.0.14a-6.3.C30mdk.x86_64.rpm
 95b724272151a90b0b39baa7fe60b9a7  corporate/3.0/x86_64/samba-vscan-clamav-3.0.14a-6.3.C30mdk.x86_64.rpm
 b4fdebc3157d9c321f07cc4d41368602  corporate/3.0/x86_64/samba-vscan-icap-3.0.14a-6.3.C30mdk.x86_64.rpm
 5371cfea234c8bbb85e1e0144636cece  corporate/3.0/x86_64/samba-winbind-3.0.14a-6.3.C30mdk.x86_64.rpm 
 44944ce7e8faf04cf5b9d1449a2b9968  corporate/3.0/SRPMS/samba-3.0.14a-6.3.C30mdk.src.rpm

 Corporate 4.0:
 8a4efbaa85be459e634b6f57bd84e674  corporate/4.0/i586/libsmbclient0-3.0.23a-2.1.20060mlcs4.i586.rpm
 70e874489332bceb5f961ae45a522321  corporate/4.0/i586/libsmbclient0-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
 3d8f343507bae572d31cba5390756a12  corporate/4.0/i586/libsmbclient0-static-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
 f9b130a4c62f3c19cc81c48af86e0361  corporate/4.0/i586/mount-cifs-3.0.23a-2.1.20060mlcs4.i586.rpm
 49071789a8086809b5e560cafb15cad1  corporate/4.0/i586/nss_wins-3.0.23a-2.1.20060mlcs4.i586.rpm
 2a63ca33b2e6443ba6dc4fe0fa1cb4f2  corporate/4.0/i586/samba-client-3.0.23a-2.1.20060mlcs4.i586.rpm
 6fa46d8f20933dd55849eea9237bb3d6  corporate/4.0/i586/samba-common-3.0.23a-2.1.20060mlcs4.i586.rpm
 a3d914d7ab41b2a41db8f60dca831acc  corporate/4.0/i586/samba-doc-3.0.23a-2.1.20060mlcs4.i586.rpm
 28ee763573faf14927a3660f3b4af34e  corporate/4.0/i586/samba-server-3.0.23a-2.1.20060mlcs4.i586.rpm
 e83424699bfff7fc3d4c376bdd60e881  corporate/4.0/i586/samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.i586.rpm
 88044a64f131646a63e51bf5246622de  corporate/4.0/i586/samba-swat-3.0.23a-2.1.20060mlcs4.i586.rpm
 32960e7fed3293db871b6b612e4afcf0  corporate/4.0/i586/samba-test-3.0.23a-2.1.20060mlcs4.i586.rpm
 2044ac2489809fa4f96fec7375b582db  corporate/4.0/i586/samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.i586.rpm
 9a14d2d6696494c518f3f6378a327224  corporate/4.0/i586/samba-vscan-icap-3.0.23a-2.1.20060mlcs4.i586.rpm
 67d208a81ef1070070a666a900700b3a  corporate/4.0/i586/samba-winbind-3.0.23a-2.1.20060mlcs4.i586.rpm 
 57f113921e6fb7414bdd9d1c075b1030  corporate/4.0/SRPMS/samba-3.0.23a-2.1.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 7528aa4288beaa4452ef2c69992065c8  corporate/4.0/x86_64/lib64smbclient0-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 cc101bce8dda332447360161e1b652d1  corporate/4.0/x86_64/lib64smbclient0-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 48c5d9228fdb71803cd2b4d116b5725c  corporate/4.0/x86_64/lib64smbclient0-static-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 d62c236fcbf522c9323f903b7a4bfc41  corporate/4.0/x86_64/mount-cifs-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 8ed4ea70d27d8acdcc1f341460c9bf83  corporate/4.0/x86_64/nss_wins-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 9ba719828eab5adca25c5e3f50fe98fb  corporate/4.0/x86_64/samba-client-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 35d1abde23fbe8ce3cff4cbc35d43f34  corporate/4.0/x86_64/samba-common-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 41b75c632aa59060a0dbe7dcc1b78629  corporate/4.0/x86_64/samba-doc-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 010b50d46c8ec7c50835b4f47767a81a  corporate/4.0/x86_64/samba-server-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 87d9625456749016fe73cea8ac94bebd  corporate/4.0/x86_64/samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 826a8ab2817ffc3063d9b3e4bae452aa  corporate/4.0/x86_64/samba-swat-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 3512d880148667c72488ca5e4bbfe866  corporate/4.0/x86_64/samba-test-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 38352d07c2279ed4167ac39707b169a9  corporate/4.0/x86_64/samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 1bfcc6e14f436c2b62a1d530757c338e  corporate/4.0/x86_64/samba-vscan-icap-3.0.23a-2.1.20060mlcs4.x86_64.rpm
 778a1275dad9902e416a8ebc11ca5fd0  corporate/4.0/x86_64/samba-winbind-3.0.23a-2.1.20060mlcs4.x86_64.rpm 
 57f113921e6fb7414bdd9d1c075b1030  corporate/4.0/SRPMS/samba-3.0.23a-2.1.20060mlcs4.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFx3o2mqjQ0CJFipgRAk5zAJ9tkYQ2v6sYWp+kl8RJivjihfS/ZACg1uLM
p7JuZNsuECR01TTXylVozcM=
=fcOt
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F54209)

Debian Linux Security Advisory 1257-1 (PacketStormID:F54209)
2007-02-06 00:00:00
Debian  debian.org
advisory,remote,denial of service,arbitrary,vulnerability,protocol
linux,debian
CVE-2007-0452,CVE-2007-0454
[点击下载]

Debian Security Advisory 1257-1 - Several remote vulnerabilities have been discovered in samba, a free implementation of the SMB/CIFS protocol, which may lead to the execution of arbitrary code or denial of service.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1257-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
February 5th, 2007                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : samba
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2007-0452 CVE-2007-0454 

Several remote vulnerabilities have been discovered in samba, a free
implementation of the SMB/CIFS protocol, which may lead to the execution
of arbitrary code or denial of service. The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-0452

    It was discovered that incorrect handling of deferred file open calls
    may lead to an infinite loop, which results in denial of service.

CVE-2007-0454

    "zybadawg333" discovered that the AFS ACL mapping VFS plugin performs
    insecure format string handling, which may lead to the execution of
    arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 3.0.14a-3sarge4.

For the upcoming stable distribution (etch) these problems have been
fixed in version 3.0.23d-5.

For the unstable distribution (sid) these problems have been fixed in
version 3.0.23d-5.

We recommend that you upgrade your samba package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.dsc
      Size/MD5 checksum:     1081 e31451e53dc1183440dd1c01f1f4d8bd
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4.diff.gz
      Size/MD5 checksum:   115542 122eb7e1092f1664e0988a172dde49ba
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a.orig.tar.gz
      Size/MD5 checksum: 15605851 ebee37e66a8b5f6fd328967dc09088e8

  Architecture independent components:

    http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.14a-3sarge4_all.deb
      Size/MD5 checksum: 12117006 428b452562de4a6d2795884c74174bba

  Alpha architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:   401226 ed1513a6d5dd3a208cf9e84e824576a1
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:   659264 5437692a3433b5da9d6f7cca0ae31310
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  1014026 c89075de31bd0c5b369c1f1991faeab4
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  5231866 0ce699ad269ed26e0996326d1a60fdc6
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  3126076 3e9ff19d65e609ae9e318f97ffb3af1a
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  2406170 cdd82ccac3caad5faf3870c02ffe64e3
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum: 20261304 137818bb48718533dd7d253ee8b8a4d2
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  3247978 ee1cb7cd162e40784214c435a1e63a89
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:   458542 16e0d4c7545dcafaf3c0e1d80e36e00e
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  4222536 9921fbf27e8bb38c7d2e38b7f23ee3b4
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_alpha.deb
      Size/MD5 checksum:  1822012 14bf0809e5c6405f54ba731c746b9c44

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:   380778 0378f51516ff104a740f1a6644d0f9ea
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:   599290 58a5cd47d9aec39479c7c62d30cf4932
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:   795124 20560796c1a287ac736268caa8a0b0e0
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  5197736 c409c5d3c8b275a1536a32b24d664aa7
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  2806656 e305394ee72239cb6443a8a226a92ac5
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  2192500 a77b9ad2c6ab8ec9d22591790e8acf51
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  6480858 46b78f9ea914f53c4886d50b52fc7bd9
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  2865002 eb2a8a1c350b626f7b7bfb6649c404c8
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:   410126 b477bb9f6b1dd09946f52aec4fee5ad1
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  4122044 563961794778dfbc28ebebaa35246e66
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_amd64.deb
      Size/MD5 checksum:  1649816 f89fe53052cc2ac48a257ccb2bd730c0

  ARM architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:   340974 b70bba74799a2d21c5c09ea212aa2993
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:   544332 eb0976cd484f2142ae83c1fd58691f26
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:   822300 d4d4861f9d172ce7ce0f6aaff14ffb18
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  4644696 d0ea3ef433c97a575b83dec2dc78001a
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  2556438 636cf0924bffa5d81bfd905e845c2f08
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  2008618 ee6a0daeca1b4b9a167f64c8a784fb73
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  6654330 00b027d23e3c0c5c9320a82c96a4301b
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  2595574 cef0eed3fe5f611faf5561c004b9ec91
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:   375492 5103b1b22eefb9b09cc2801cb97f8b2d
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  4063646 ac89ce6ec4a02db7b89cfd2c6551f53c
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_arm.deb
      Size/MD5 checksum:  1482292 953bd5aa649fd1c23109649ca4e64173

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:   403440 691603900e6cab414dccb516afeeebc1
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:   643320 5329c5914085e9cec652629d270ca835
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:   893964 b11f75762493ff460d37a808e2b2cf1c
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  5548728 d0a3f7231ea5d2b9fa257188d6b84d46
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  2862788 6a689a7ef4e19a15dee9b9cd9ac5fafe
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  2213182 d05600d0ce064b2d625d574f5c8d982a
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  6460708 60c9e3b18f95037a946f6007e284b1b6
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  2913120 1076d43282a731e0e2f99945d84700e2
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:   416396 8e554e8ccd786e79a570b1bbac043080
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  4134054 97d30ae09c589a860f0ff9868089558e
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_hppa.deb
      Size/MD5 checksum:  1689382 e4a5a4a936131f6b5ad0196653269f01

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:   347608 c1cff601820cae3af4f9ecb3decca718
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:   550154 31131b0fa8f2d3dc62a2bc003927aec8
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:   740546 3232f4931d7f1be55c609c5712f08b90
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  4752760 91d232207c14b3907370de4d3abae3c2
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  2522706 201d6bdc9954a6cbfe6e46244201ba3d
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  1988408 1ca854f5c54f2c2980ad54b2ec92025d
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  6640724 568c12f5f79179352f4457ac3dab1f7d
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  2535976 2c8b864145af6ef09e5357e19590cecb
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:   371120 4874ebfc6749e3a20fa362f929a14d84
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  4053316 93a68f15d73d70d49531e3f038f0064a
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_i386.deb
      Size/MD5 checksum:  1463906 39d8fd5aa5bfa5aab5aab7db8ce97b5d

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:   472432 aac440872855901224e388ee45dac72e
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:   753934 85c019e8227e2931fd729cb62ac50665
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  1034652 c74b21cd97c05b681aca5d08ec8f8aa0
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  6619408 9a2094c8e986950267bf9074aabb0ae1
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  3813628 506e543e9589590bbd18c348e8aa0180
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  2850440 7178b97aae577ed351785a28f48b3e70
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:   674122 c2099d20755db4cabd86d2deab150a68
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  3920854 14185f467acf17968637c819bdf02210
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:   547152 eef85bdc65848becc46428a862241d14
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  4361464 69df8256e4a6f32cc51e99b7e71cad39
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_ia64.deb
      Size/MD5 checksum:  2210714 26a6d7bbcde9b6d94f37e53a93f43e17

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:   329520 5c26f2c67be4fdf02ac4cc4a90dd7719
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:   520354 7227fbce4ac60790736a4bf0e0363433
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:   656118 b605c2a1594bc2548b797490347c5bb2
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  4545606 deb44f02dadf80fcd9ea9a1266014113
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  2220610 8dc5db63f11c8ae1f20b1337e77ee396
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  1780882 dd9d020034d4b9ceac0bb2587418a8c6
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  6327942 d057347dd45bf6493dadc4c406d328c2
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  2232724 ab8038a05eb36ea800d8e98ddf365825
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:   334590 a79b1722ed2fab3f9eba7669460b91f6
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  3972970 6b373a2c3825957f6525d15a6ba05439
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_m68k.deb
      Size/MD5 checksum:  1313454 d66388983a130ec1d9991b501763ea56

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:   356160 7484de7a8284ab6ddae47e724ae6a7ef
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:   555498 08325cd44084335c733f9c0bde02ed29
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:   820722 881f8071b36312ed45bb948a3c72ad71
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  4665362 86a8b6c3125e7e29f3ff7a3640963d90
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  2775198 add7d625463c96ccb0f1b17e44d7bca6
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  2155060 fbc5686e4c623cf23c18258feaa88c4b
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  6759830 0b3a11a201ae83355b023d2ba22865f2
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  2821434 3c65aee1a03207c4da9e4d40e6b7e263
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:   411852 324a48ccfcda0afccfb984e4d7d4400e
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  4104204 1e8841164dcf2ac6f3a3fa41765f04e4
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mips.deb
      Size/MD5 checksum:  1603728 c41db51a3c9a8956f732433ea863ff06

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:   355038 05f0538f36a166df80edccd2e93271aa
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:   553240 c0e4c6f349fd2c5823ce881929709927
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:   812406 ce897754afd819ffdfa9708101432083
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  4650708 d00c4533ce9ace8496487130b576c1ed
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  2776248 a2ab4b8f8791559c9bddec150768a3d1
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  2151968 5b191ff77d2efd41f3beac75cecd46d5
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  6573742 ad800c87bf87a70e393c1b52a9de187e
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  2816574 94a2650bd6cec6017328255a6df4dc99
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:   410616 c00e6fdfb03f37a269e8151ce4572675
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  4102650 7e5582f238d7bbf7bf8e6eecad3b91ed
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_mipsel.deb
      Size/MD5 checksum:  1601364 f4d11e09cd8bff88d9e758f042d693e3

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:   367782 c1166ddce4f4f2ba32b673365e468848
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:   590926 9dedaaa1ac5ddb8522a173bec7323fc8
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:   736584 b0e18455cdf3fffcf91b9d780432865f
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  5009404 8cddf499eb4827333943e2ed8434a81e
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  2771992 88f9ddbe66b31c8806d92bf6db32f118
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  2153756 b3b6fb9aaeaa21ddfd0cc218eef4f2c6
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  6855234 6c13b994999d952c0d314ddb82603cb7
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  2824232 34eba62b6c4d48bdc085365c2cf67024
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:   406282 1b59265f16d0f5e55d2752fc8c56438a
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  4112216 328a45403859379597177fe49211453a
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_powerpc.deb
      Size/MD5 checksum:  1612316 9466fef0279933554d2e94a8a23428cb

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:   385558 9f020f95c1e598c42fabdb9f08216dec
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:   603630 aa06ffa728ca348574e82abb70e6e644
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:   796258 bcb70fc7b4bd9307d5ba53e635e2e29a
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  5282646 b1738dc01a023d62a08291db2b5e010e
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  2723342 77fa5179bba1cd7275291dd4906ac90a
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  2122412 316a93147dab42dcfeefe69b524993b7
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  6831846 21177adfb613f01d997a99b7cd9b524d
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  2773144 aff4d52d118fe59fcd1302c38bf91e8a
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:   404192 62175fb579eabb6c2d37efa26b7be76e
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  4091974 64f9851fdd14be08220445d44121c185
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_s390.deb
      Size/MD5 checksum:  1613030 b6ad9509a1af7621a0cf7b775b89f763

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:   355466 e8aa06b90abceddce818839f6d2def17
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:   560884 f2f8ebfea16880ef9f1ddeab3e867c6a
    http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:   795240 d5d428d728ce78ab9688febd670e1d1b
    http://security.debian.org/pool/updates/main/s/samba/python2.3-samba_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  4861930 24d262774c8fde4d1287311b5492c0cb
    http://security.debian.org/pool/updates/main/s/samba/samba_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  2520686 f138f0b15a7c6c9317bdcf205eac4140
    http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  1977974 cff11e6d984d96b08323542033f65893
    http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  6344260 45888fe47ec5a613a491f63707392ed6
    http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  2539818 146dfe8c85cf825664393e40eef4a58d
    http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:   371444 ec8c1179fe00fe47babce07744a6a296
    http://security.debian.org/pool/updates/main/s/samba/swat_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  4049508 e2c949808a6634702dd8ff7bbaf727c2
    http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.14a-3sarge4_sparc.deb
      Size/MD5 checksum:  1476048 fb4619e500d82ab10a5e8e24cc44cefb

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFx3oOXm3vHE4uyloRAlioAJ4iz7meMyadpm37iO8Oii+wDHtQGQCgm/qK
AXb1TvYcWZphX0Bpym9xB/8=
=bBKz
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F54205)

CVE-2007-0454.tgz (PacketStormID:F54205)
2007-02-06 00:00:00
 
advisory
CVE-2007-0454
[点击下载]

The name of a file on the server's share is used as the format string when setting an NT security descriptor through the afsacl.so VFS plugin. This affects Samba versions 3.0.6 through 3.0.23d. Patch included.

- 漏洞信息

33101
Samba VFS Plugin afsacl.so Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2007-02-06 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Samba Server VFS Plugin AFSACL.SO Remote Format String Vulnerability
Input Validation Error 22403
Yes No
2007-02-05 12:00:00 2007-05-23 06:38:00
The vendor credits zybadawg333 <zybadawg333@hushmail.com> with the discovery of this issue.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 sparc
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 6.10 sparc
Ubuntu Ubuntu Linux 6.10 powerpc
Ubuntu Ubuntu Linux 6.10 i386
Ubuntu Ubuntu Linux 6.10 amd64
Ubuntu Ubuntu Linux 6.06 LTS sparc
Ubuntu Ubuntu Linux 6.06 LTS powerpc
Ubuntu Ubuntu Linux 6.06 LTS i386
Ubuntu Ubuntu Linux 6.06 LTS amd64
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux FUJI
Turbolinux FUJI 0
Turbolinux Appliance Server 2.0
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Operating System Enterprise Server 2.0
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 11.0
Samba Samba 3.0.22
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21
Samba Samba 3.0.20
+ Slackware Linux 10.2
Samba Samba 3.0.14
Samba Samba 3.0.13
Samba Samba 3.0.12
Samba Samba 3.0.11
Samba Samba 3.0.10
+ Slackware Linux 10.1
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
Samba Samba 3.0.9
Samba Samba 3.0.8
Samba Samba 3.0.7
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.2
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.1
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 2.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.5
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
+ Ubuntu Ubuntu Linux 4.1 ia32
Samba Samba 3.0.6
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 10.0
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Workgroup Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server 1.0 Hosting Edition
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Hosting Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Appliance Server Workgroup Edition 1.0
+ Turbolinux Home
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Workstation 8.0
Samba Samba 3.0.23d
+ Mandriva Linux Mandrake 2007.0 x86_64
+ Mandriva Linux Mandrake 2007.0
Samba Samba 3.0.21c
Samba Samba 3.0.21b
Samba Samba 3.0.21a
Samba Samba 3.0.20b
Samba Samba 3.0.20a
Samba Samba 3.0.14a
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 10
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
rPath rPath Linux 1
Pardus Linux 2007.1
OpenPKG OpenPKG E1.0-Solid
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Samba Samba 3.0.24
+ Mandriva Linux Mandrake 2007.1 x86_64
+ Mandriva Linux Mandrake 2007.1
+ Mandriva Linux Mandrake 2007.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64

- 不受影响的程序版本

Samba Samba 3.0.24
+ Mandriva Linux Mandrake 2007.1 x86_64
+ Mandriva Linux Mandrake 2007.1
+ Mandriva Linux Mandrake 2007.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64

- 漏洞讨论

Samba is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied input before including it in the format-specifier argument of a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of users running the affected application. This facilitates the remote compromise of affected computers.

Samba versions 3.06 to 3.0.23d are vulnerable.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

- 解决方案

The vendor has released a patch to address this issue. Please see the references for more information.


Samba Samba 3.0.21a

Samba Samba 3.0.14a

Samba Samba 3.0.21b

Samba Samba 3.0.23d

Samba Samba 3.0.20a

Samba Samba 3.0.21c

Samba Samba 3.0.10

Samba Samba 3.0.12

Samba Samba 3.0.20

Samba Samba 3.0.21

Samba Samba 3.0.22

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站