Samba Mksmbpasswd.sh以不安全方式创建用户帐户漏洞

漏洞信息详情

Samba Mksmbpasswd.sh以不安全方式创建用户帐户漏洞

• CNNVD编号：CNNVD-200403-003
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-0082
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-02-10
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  samba
• 漏洞来源：
  Samba

Samba是一套实现SMB(Server Messages Block)协议，跨平台进行文件共享和打印共享服务的程序。
Samba mksmbpasswd.sh shell脚本存在安全问题，本地攻击者可以利用这个漏洞建立用户帐户。
攻击者可以利用这个脚本建立的不安全帐户访问Samba共享资源。目前没有详细漏洞细节提供。

厂商补丁：
RedHat
——
RedHat已经为此发布了一个安全公告(RHSA-2004:064-10)以及相应补丁:

RHSA-2004:064-10：Updated samba packages fix security vulnerability

链接：https://rhn.redhat.com/errata/RHSA-2004-064.html” target=”_blank”>https://rhn.redhat.com/errata/RHSA-2004-064.html

补丁下载：

Fedora Upgrade samba-3.0.2-7.FC1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-3.0.2-7.FC1.i386.rpm” target=”_blank”>
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-3.0.2-7.FC1.i386.rpm

Fedora Upgrade samba-client-3.0.2-7.FC1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-client-3.0.2-7.FC1.i386.rpm” target=”_blank”>
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-client-3.0.2-7.FC1.i386.rpm

Fedora Upgrade samba-common-3.0.2-7.FC1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-common-3.0.2-7.FC1.i386.rpm” target=”_blank”>
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-common-3.0.2-7.FC1.i386.rpm

Fedora Upgrade samba-swat-3.0.2-7.FC1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-swat-3.0.2-7.FC1.i386.rpm” target=”_blank”>
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/samba-swat-3.0.2-7.FC1.i386.rpm

Fedora Upgrade samba-debuginfo-3.0.2-7.FC1.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/debug/samba-debuginfo-3.0.2-7.FC1.i386.rpm” target=”_blank”>
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/debug/samba-debuginfo-3.0.2-7.FC1.i386.rpm
Samba
—–
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Samba Upgrade Samba 3.0.2

http://samba.org/samba/whatsnew/samba-3.0.2.html” target=”_blank”>
http://samba.org/samba/whatsnew/samba-3.0.2.html

来源: BID
名称: 9637
链接:http://www.securityfocus.com/bid/9637

来源: REDHAT
名称: RHSA-2004:064
链接:http://www.redhat.com/support/errata/RHSA-2004-064.html

来源: XF
名称: samba-mksmbpasswd-gain-access(15132)
链接:http://xforce.iss.net/xforce/xfdb/15132

来源: www.vuxml.org
链接:http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html

来源: us1.samba.org
链接:http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt

来源: OSVDB
名称: 3919
链接:http://www.osvdb.org/3919

来源: CIAC
名称: O-078
链接:http://www.ciac.org/ciac/bulletins/o-078.shtml

来源: US Government Resource: oval:org.mitre.oval:def:827
名称: oval:org.mitre.oval:def:827
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:827