CNNVD-ID编号 | CNNVD-200705-278 |
CVE编号 | CVE-2007-2446 |
发布时间 | 2006-06-01 |
更新时间 | 2009-05-20 |
漏洞类型 | 缓冲区溢出 |
漏洞来源 | N/A |
危险等级 | 超危 |
威胁类型 | 远程 |
厂 商 | samba |
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba的NDR函数实现上存在漏洞,远程攻击者可能利用此漏洞控制Samba服务器。
Samba没有正确地验证发送给多个RPC接口的RPC请求,在解析对LsarAddPrivilegesToAccount、DFSEnum、RFNPCNEX、NetSetFileSecurity和LsarLookupSids/LsarLookupSids2的请求时,堆分配是基于用户输入计算的,因此攻击者可以通过指定无效的值覆盖堆块,导致执行任意代码。
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-1291-1)以及相应补丁:
DSA-1291-1:New samba packages fix multiple vulnerabilities
链接: http://www.debian.org/security/2007/dsa-1291" target="_blank">
http://www.debian.org/security/2007/dsa-1291
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.dsc" target="_blank">
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.dsc
Size/MD5 checksum: 1425 04c3ba2544a4dba0e23748697bbcb93c
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz" target="_blank">
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
Size/MD5 checksum: 17708128 89273f67a6d8067cbbecefaa13747153
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.diff.gz" target="_blank">
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.diff.gz
Size/MD5 checksum: 209279 01a1d7d0cb1afcb8cff7da5937c72318
Architecture independent packages:
http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch1_all.deb
Size/MD5 checksum: 6913100 ad2bda3c198d48346696f83dcc44a919
http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch1_all.deb
Size/MD5 checksum: 6598732 ae5dd6f0ee9ede4135507778fe939c5b
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 12298820 361c9a38d1601d5f40b5999712b421ce
http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 4845328 6cadfc3b139943f558066c08737d43f6
http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 2286174 f020a21acc276108270b364574635bff
http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 879246 cd710df2be2d347a3a57d4aeb3e538e0
http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 6705430 2b66a4a7d2e202592af3e76143246085
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_alpha.deb" target="_blank">
http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 956068 c78ed74384834b23fc0cdb744eae6ca4
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_alpha.deb" target="_blank">
http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 521138 be541e59b60bbaf52cb410ae77afe8a9
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_alpha.deb" target="_blank">
http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_alpha.deb
Size/MD5 checksum: 4000850 42c314e7c7baa6713e34fff690b94b63
http://security.debian.org/pool/updates/m
来源: VU#773720
名称: VU#773720
来源: BUGTRAQ
名称: 20070513 [SAMBA-SECURITY] CVE-2007-2446: Multiple Heap Overflows Allow Remote Code Execution
链接:http://www.securityfocus.com/archive/1/archive/1/468542/100/0/threaded
来源: www.samba.org
来源: issues.rpath.com
来源: XF
名称: samba-lsaiotransnames-bo(34316)
来源: XF
名称: samba-secioacl-bo(34314)
来源: XF
名称: samba-smbionotifyoptiontypedata-bo(34312)
来源: XF
名称: samba-netdfsiodfsenuminfod-bo(34311)
来源: XF
名称: samba-lsaioprivilegeset-bo(34309)
来源: MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-07-033.html
来源: MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-07-032.html
来源: MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-07-031.html
来源: MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-07-030.html
来源: MISC
链接:http://www.zerodayinitiative.com/advisories/ZDI-07-029.html
来源: UBUNTU
名称: USN-460-1
来源: TRUSTIX
名称: 2007-0017
来源: SECTRACK
名称: 1018050
来源: BID
名称: 23973
来源: BUGTRAQ
名称: 20070515 ZDI-07-033: Samba lsa_io_trans_names Heap Overflow Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/468680/100/0/threaded
来源: BUGTRAQ
名称: 20070515 ZDI-07-030: Samba netdfs_io_dfs_EnumInfo_d Heap Overflow Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/468675/100/0/threaded
来源: BUGTRAQ
名称: 20070515 ZDI-07-029: Samba lsa_io_privilege_set Heap Overflow Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/468674/100/0/threaded
来源: BUGTRAQ
名称: 20070515 ZDI-07-031: Samba smb_io_notify_option_type_data Heap Overflow Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/468673/100/0/threaded
来源: BUGTRAQ
名称: 20070515 ZDI-07-032: Samba sec_io_acl Heap Overflow Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/468672/100/0/threaded
来源: BUGTRAQ
名称: 20070515 FLEA-2007-0017-1: samba
链接:http://www.securityfocus.com/archive/1/archive/1/468670/100/0/threaded
来源: REDHAT
名称: RHSA-2007:0354
来源: VUPEN
名称: ADV-2007-1805
来源: DEBIAN
名称: DSA-1291
来源: SLACKWARE
名称: SSA:2007-134-01
链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
来源: GENTOO
名称: GLSA-200705-15
来源: SECUNIA
名称: 25270
来源: SECUNIA
名称: 25259
来源: SECUNIA
名称: 25257
来源: SECUNIA
名称: 25256
来源: SECUNIA
名称: 25255
来源: SECUNIA
名称: 25251
来源: SECUNIA
名称: 25246
来源: SECUNIA
名称: 25241
来源: SECUNIA
名称: 25232
来源: HP
名称: HPSBUX02218
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01067768
来源: MANDRIVA
名称: MDKSA-2007:104
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:104
来源: www.xerox.com
链接:http://www.xerox.com/downloads/usa/en/c/cert_XRX08_001.pdf
来源: BID
名称: 25159