Samba SMB/CIFS Packet Fragment Reassembly Buffer Overflow Vulnerability

Published: 2003-03-15
Updated: 2003-03-25
Severity: High
Threat level: Remote administrator privileges
Error type: Boundary check error
Exploitation method: Server mode
BUGTRAQ ID: 7106
CVE(CAN) ID: CAN-2003-0085

Affected systems

HP CIFS/9000 Server A.01.09.01

Detailed description

Samba contains a buffer overflow vulnerability.

Samba mishandles the reassembly of SMB/CIFS packet fragments. A remote attacker can mount a buffer overflow attack against the service and may be able to execute arbitrary commands on the system with the privileges of the smbd user.

Solution

HP CIFS/9000 Server A.01.09.01:
    HP Hotfix smbd.11.00.gz ftp://samba:samba@hprc.external.hp.com/

HP CIFS/9000 Server A.01.09:
HP CIFS/9000 Server A.01.08.01:
HP CIFS/9000 Server A.01.08:
HP CIFS/9000 Server A.01.07:
HP CIFS/9000 Server A.01.06:
HP CIFS/9000 Server A.01.05:

Samba Samba 2.0.0:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.1:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.2:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.3:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.4:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.5:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.6:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.7:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.8:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.9:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.0.10:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    SuSE Upgrade samba-2.0.10-27.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/samba-2.0.10-27.i386.rpm
    SuSE Upgrade smbclnt-2.0.10-21.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/smbclnt-2.0.10-21.alpha.rpm
    SuSE Upgrade smbclnt-2.0.10-21.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/smbclnt-2.0.10-21.ppc.rpm
    SuSE Upgrade smbclnt-2.0.10-27.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/smbclnt-2.0.10-27.i386.rpm
    WireX Patch samba-2.0.10-2_imnx_2.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-2.0.10-2_imnx_2.i386.rpm
    WireX Patch samba-client-2.0.10-2_imnx_2.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-client-2.0.10-2_imnx_2.i386.rpm
    WireX Patch samba-common-2.0.10-2_imnx_2.i386.rpm http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/samba-common-2.0.10-2_imnx_2.i386.rpm
    SuSE Upgrade samba-2.0.10-21.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/samba-2.0.10-21.alpha.rpm
    SuSE Upgrade samba-2.0.10-21.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/samba-2.0.10-21.ppc.rpm

Samba Samba 2.2.0a:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    SuSE Upgrade samba-2.2.0a-48.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/samba-2.2.0a-48.i386.rpm
    SuSE Upgrade smbclnt-2.2.0a-48.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/smbclnt-2.2.0a-48.i386.rpm

Samba Samba 2.2.0:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.2.1a:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    SuSE Upgrade samba-2.2.1a-147.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/samba-2.2.1a-147.ppc.rpm
    SuSE Upgrade samba-2.2.1a-213.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/samba-2.2.1a-213.i386.rpm
    SuSE Upgrade samba-2.2.1a-73.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/samba-2.2.1a-73.sparc.rpm
    SuSE Upgrade samba-client-2.2.1a-147.ppc.rpm ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/samba-client-2.2.1a-147.ppc.rpm
    SuSE Upgrade samba-client-2.2.1a-213.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/samba-client-2.2.1a-213.i386.rpm
    SuSE Upgrade samba-client-2.2.1a-73.sparc.rpm ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/samba-client-2.2.1a-73.sparc.rpm

Samba Samba 2.2.2:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.2.3a:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    SuSE Upgrade samba-2.2.3a-169.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/samba-2.2.3a-169.i386.patch.rpm
    SuSE Upgrade samba-2.2.3a-169.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/samba-2.2.3a-169.i386.rpm
    SuSE Upgrade samba-client-2.2.3a-169.i386.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/samba-client-2.2.3a-169.i386.patch.rpm
    SuSE Upgrade samba-client-2.2.3a-169.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/samba-client-2.2.3a-169.i386.rpm

Samba Samba 2.2.3:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.2.4:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.2.5:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    SuSE Upgrade samba-2.2.5-160.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.5-160.i586.patch.rpm
    SuSE Upgrade samba-2.2.5-160.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.5-160.i586.rpm
    SuSE Upgrade samba-client-2.2.5-160.i586.patch.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-client-2.2.5-160.i586.patch.rpm
    SuSE Upgrade samba-client-2.2.5-160.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-client-2.2.5-160.i586.rpm
    OpenPKG Upgrade samba-2.2.5-1.1.2.src.rpm ftp://ftp.openpkg.org/release/1.1/UPD/samba-2.2.5-1.1.2.src.rpm

Samba Samba 2.2.6:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/

Samba Samba 2.2.7a:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Slackware Upgrade samba-2.2.8-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/samba-2.2.8-i386-1.tgz
    Slackware Upgrade samba-2.2.8-i386-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/samba-2.2.8-i386-1.tgz
    Red Hat Upgrade samba-swat-2.2.7a-7.9.0.i386.rpm ftp://updates.redhat.com/9/en/os/i386/samba-swat-2.2.7a-7.9.0.i386.rpm
    Red Hat Upgrade samba-client-2.2.7a-7.9.0.i386.rpm ftp://updates.redhat.com/9/en/os/i386/samba-client-2.2.7a-7.9.0.i386.rpm
    Red Hat Upgrade samba-common-2.2.7a-7.9.0.i386.rpm ftp://updates.redhat.com/9/en/os/i386/samba-common-2.2.7a-7.9.0.i386.rpm
    Red Hat Upgrade samba-2.2.7a-7.9.0.i386.rpm ftp://updates.redhat.com/9/en/os/i386/samba-2.2.7a-7.9.0.i386.rpm
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Corporate Server 2.1.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0/PPC.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0/PPC.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0/PPC.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0/PPC.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.0/PPC.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.ia64.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1/IA64.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.ia64.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1/IA64.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.ia64.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1/IA64.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.ia64.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1/IA64.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.ia64.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.1/IA64.
    Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2.
    Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.ppc.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 8.2/PPC.
    Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Linux 9.0.
    Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Multi Network Firewall 8.2.
    Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm http://www.mandrakesecure.net/en/ftp.php Mandrake Multi Network Firewall 8.2.
    OpenPKG Upgrade samba-2.2.7a-1.2.1.src.rpm ftp://ftp.openpkg.org/release/1.2/UPD/samba-2.2.7a-1.2.1.src.rpm

Samba Samba 2.2.7:
    Samba Upgrade Samba 2.2.8 http://download.samba.org/samba/ftp/
    Red Hat Upgrade samba-2.2.7-2.7.2.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/samba-2.2.7-2.7.2.i386.rpm
    Red Hat Upgrade samba-2.2.7-2.7.2.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/samba-2.2.7-2.7.2.ia64.rpm
    Red Hat Upgrade samba-2.2.7-2.7.3.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/samba-2.2.7-2.7.3.i386.rpm
    Red Hat Upgrade samba-2.2.7-4.8.0.i386.rpm ftp://updates.redhat.com/8.0/en/os/i386/samba-2.2.7-4.8.0.i386.rpm
    Red Hat Upgrade samba-client-2.2.7-2.7.2.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/samba-client-2.2.7-2.7.2.i386.rpm
    Red Hat Upgrade samba-client-2.2.7-2.7.2.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/samba-client-2.2.7-2.7.2.ia64.rpm
    Red Hat Upgrade samba-client-2.2.7-2.7.3.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/samba-client-2.2.7-2.7.3.i386.rpm
    Red Hat Upgrade samba-common-2.2.7-2.7.2.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/samba-common-2.2.7-2.7.2.i386.rpm
    Red Hat Upgrade samba-common-2.2.7-2.7.2.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/samba-common-2.2.7-2.7.2.ia64.rpm
    Red Hat Upgrade samba-common-2.2.7-2.7.3.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/samba-common-2.2.7-2.7.3.i386.rpm
    Red Hat Upgrade samba-common-2.2.7-4.8.0.i386.rpm ftp://updates.redhat.com/8.0/en/os/i386/samba-common-2.2.7-4.8.0.i386.rpm
    Red Hat Upgrade samba-swat-2.2.7-2.7.2.i386.rpm ftp://updates.redhat.com/7.2/en/os/i386/samba-swat-2.2.7-2.7.2.i386.rpm
    Red Hat Upgrade samba-swat-2.2.7-2.7.2.ia64.rpm ftp://updates.redhat.com/7.2/en/os/ia64/samba-swat-2.2.7-2.7.2.ia64.rpm
    Red Hat Upgrade samba-swat-2.2.7-2.7.3.i386.rpm ftp://updates.redhat.com/7.3/en/os/i386/samba-swat-2.2.7-2.7.3.i386.rpm
    Red Hat Upgrade samba-swat-2.2.7-4.8.0.i386.rpm ftp://updates.redhat.com/8.0/en/os/i386/samba-swat-2.2.7-4.8.0.i386.rpm

Samba-TNG Samba-TNG 0.3:
    Samba-TNG Upgrade Samba-TNG 0.3.1 http://www.samba-tng.org/download/tng/

Related information

Reported by: Sebastian Krahmer <krahmer at suse.de>

References:
    http://online.securityfocus.com/advisories/5097
    http://online.securityfocus.com/advisories/5129
    http://online.securityfocus.com/advisories/5095
    http://online.secur