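Vulnerability Details
Samba Filename Mangling Method Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200407-049
- Severity: Medium
- CVE ID: CVE-2004-0686
- Vulnerability type: Buffer overflow
- Published: 2004-07-27
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: trustix
- Source: Samba
Vulnerability Summary
Samba 2.2.x through 2.2.9 and 3.0.0 through 3.0.4 contain a buffer overflow vulnerability. When the "mangling method = hash" option is enabled in smb.conf, it has unknown impact and attack vectors.
Vulnerability Advisories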
Conectiva has released advisory CLA-2004:854 to provide Kernel updates to address this and other issues for Conectiva 8 and 9. Please see the referenced advisory for further details regarding obtaining and applying appropriate updates.
Red Hat has released advisory RHSA-2004:404-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
OpenPKG has released an advisory (OpenPKG-SA-2004.033) dealing with this issue. Please see the referenced advisory for more information.
Conectiva Linux has released advisory CLA-2004:851 dealing with this issue. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:259-23 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Tinysofa Linux has released advisory TSSA-2004-014 dealing with this issue. Please see the referenced advisory for more information.
SuSE Linux has released advisory SUSE-SA:2004:022 along with fixes dealing with this issue. Please see the referenced vendor advisory for more information.
Mandrake has released advisory MDKSA-2004:071 dealing with this issue. Please see the referenced advisory for more information.
Netwosix Linux has released advisory LNSA-#2004-0015 along with an upgrade dealing with this issue. Please see the referenced advisory for more information.
Trustix Secure Linux has released advisory TSL-2004-0039 to address this, and other issues. Please see the referenced advisory for further information.
HP has released an advisory (HPSBUX01062 – SSRT4782, revision 0) dealing with this issue. Although no resolution has been provided, they recommend that users set "mangling method = hash2" or "mangled names = no" in smb.conf to temporarily resolve the issue. Please see the referenced advisory for more information.
Gentoo has released fixes for this issue that may be applied with the following commands:
emerge sync
emerge -pv ">=net-fs/samba-3.0.5"
emerge ">=net-fs/samba-3.0.5"
Gentoo has released an updated errata advisory (GLSA 200407-21:02) to correct the list of affected and non-affected versions. Please see the attached advisory for further information.
RedHat has released advisories FEDORA-2004-284 and FEDORA-2004-285 to address this and other issues in RedHat Fedora Core 1 and 2 respectively. Please see the referenced advisories for further information.
TurboLinux has released advisory TLSA-2004-25 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.
The Fedora Legacy project has released advisory FLSA:2102 along with fixes to address this issue for RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.
Sun has released a security bulletin (#57664) to announce that Solaris includes affected versions of the software and that fixes are pending.
The vendor has released an upgrade dealing with this issue.
Sun Solaris 9
Sun Solaris 9_x86
Samba Samba 3.0.2 a
- Mandrake libsmbclient0-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libsmbclient0-devel-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake libsmbclient0-static-devel-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake nss_wins-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake nss_wins-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-client-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-client-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-common-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-common-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-doc-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-doc-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-passdb-mysql-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-passdb-mysql-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-passdb-xml-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-passdb-xml-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-server-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-server-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-swat-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-swat-3.0.2a-3.2.100mdk.i586.rpm (Mandrake Linux 10.0): http://www.mandrakesecure.net/en/ftp.php
- Mandrake samba-winbind-3.0.2a-3.2.100mdk.amd64.rpm (Mandrake Linux 10.0/AMD64): http://www.mandrakesec
References
Source: REDHAT
Name: RHSA-2004:259
Link: http://www.redhat.com/support/errata/RHSA-2004-259.html
Source: BUGTRAQ
Name: 20040722 Security Release – Samba 3.0.5 and 2.2.10
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109051340810458&w=2
Source: XF
Name: samba-mangling-method-bo(16786)
Link: http://xforce.iss.net/xforce/xfdb/16786
Source: TRUSTIX
Name: 2004-0039
Link: http://www.trustix.org/errata/2004/0039/
Source: SUSE
Name: SUSE-SA:2004:022
Link: http://www.novell.com/linux/security/advisories/2004_22_samba.html
Source: MANDRAKE
Name: MDKSA-2004:071
Link: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071
Source: GENTOO
Name: GLSA-200407-21
Link: http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
Source: OVAL
Name: oval:org.mitre.oval:def:10461
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10461
Source: SUNALERT
Name: 57664
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-57664-1
Source: SUNALERT
Name: 101584
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-101584-1
Source: FEDORA
Name: FLSA:2102
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109785827607823&w=2
Source: HP
Name: SSRT4782
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109094272328981&w=2
Source: BUGTRAQ
Name: 20040722 TSSA-2004-014 – samba
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109052891507263&w=2
Source: BUGTRAQ
Name: 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109051533021376&w=2
Source: CONECTIVA
Name: CLA-2004:854
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854
Source: CONECTIVA
Name: CLA-2004:851
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851