Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities

Vulnerability Details

Vulnerability Summary

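Versions of Samba before 2.2.8a contain multiple buffer overflow vulnerabilities. Remote attackers can exploit them to execute arbitrary code or cause a denial of service. As discovered by the Samba team, these vulnerabilities are distinct from CVE-2003-0201.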

Vulnerability Advisory

Samba 2.2.8a has been released which addresses these issues. Samba is currently developing patches which will specifically address the problems in version 2.2.7a and 2.0.10. Users are advised to upgrade as soon as possible.
Slackware has released a security advisory (2003-04-08) containing fixes which address this issue.
Debian has released a security advisory (DSA 280-1) containing fixes which address this issue.
OpenPKG has released a security advisory (OpenPKG-SA-2003.028) containing fixes which address this issue.
Mandrake has released a security advisory (MDKSA-2003:044) containing fixes which address this issue.
FreeBSD has released a security note (FreeBSD-SN-03:01) which contains updated ports information. Further information can be found in the attached advisory.
Immunix has released a security advisory (IMNX-2003-7+-006-01) containing fixes which address this issue for Samba 2.0.10. Users are advised to upgrade as soon as possible.
Red Hat has revised its advisory (RHSA-2003:137-02). See referenced advisory for new fix details.
Gentoo Linux has released an advisory. Users who have installed net-fs/samba are advised to upgrade to samba-2.2.8a by issuing the following commands:
    emerge sync
    emerge samba
    emerge clean
HP has released an advisory HPSBUX0304-254. HP has stated that new smbd binaries (smbd.11.00.r1.gz) are available at the following locations. Further information is available in the referenced advisory:
    ftp://samba:samba@hprc.external.hp.com/
    ftp://samba:samba@192.170.19.51/
    ftp hprc.external.hp.com
Veritas has determined that various ServPoint NAS releases are affected by this vulnerability. Patches are currently being developed. Users are advised to contact the vendor for further information regarding how to obtain fixes.

Samba Samba 2.0.10

Samba Samba 2.0.7

References

Source: REDHAT
Name: RHSA-2003:137
Link: http://www.redhat.com/support/errata/RHSA-2003-137.html

Source: DEBIAN
Name: DSA-280
Link: http://www.debian.org/security/2003/dsa-280

Source: BUGTRAQ
Name: 20030407 [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104973186901597&w=2

Source: MANDRAKE
Name: MDKSA-2003:044
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2003:044

Source: BUGTRAQ
Name: 20030407 Immunix Secured OS 7+ samba update
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=104974612519064&w=2

Source: US Government Resource: oval:org.mitre.oval:def:564
Name: oval:org.mitre.oval:def:564
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:564