漏洞信息详情
Samba延迟CIFS文件打开拒绝服务漏洞
- CNNVD编号:CNNVD-200702-071
- 危害等级: 中危
![图片[1]-Samba延迟CIFS文件打开拒绝服务漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-09-08/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2007-0452
- 漏洞类型:
其他
- 发布时间:
2007-02-05
- 威胁类型:
远程
- 更新时间:
2007-02-06
- 厂 商:
samba - 漏洞来源:
Gerald (Jerry) Car… -
漏洞简介
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba的延迟文件打开机制的实现上存在漏洞,远程攻击者可能利用此漏洞对服务器执行拒绝服务攻击。
Samba的文件服务守护程序smbd支持延迟文件打开调用。在某些环境下重新命名文件时可能没有从延迟的打开队列删除请求,这样smbd就会陷入试图处理打开请求服务的死循环。如果已认证用户打开了多个CIFS会话的话,每个会话都会生成新的smbd进程,每个连接都会陷入死循环,这样就会导致在服务器上耗尽内存和CPU资源。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Sun Solaris 10.0
Sun 119757-05
http://sunsolve.sun.com/patches/
Samba Samba 3.0.23a
Mandriva lib64smbclient0-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva lib64smbclient0-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva lib64smbclient0-static-devel-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva libsmbclient0-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva libsmbclient0-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva libsmbclient0-static-devel-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva mount-cifs-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva mount-cifs-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva nss_wins-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva nss_wins-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-3.0.23a-2.1.20060mlcs4.src.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-client-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-client-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-common-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-common-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-doc-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-doc-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-server-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-server-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-smbldap-tools-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-swat-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-swat-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-test-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-test-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-vscan-clamav-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-vscan-icap-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-vscan-icap-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-winbind-3.0.23a-2.1.20060mlcs4.i586.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Mandriva samba-winbind-3.0.23a-2.1.20060mlcs4.x86_64.rpm
Corporate 4.0:
http://www.mandriva.com/en/download
Samba Samba 3.0.23c
RedHat Fedora samba-3.0.24-1.fc6.i386.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora samba-3.0.24-1.fc6.ppc.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora samba-3.0.24-1.fc6.x86_64.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora samba-client-3.0.24-1.fc6.i386.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora
参考网址
来源: BUGTRAQ
名称: 20070205 [SAMBA-SECURITY] CVE-2007-0452: Potential DoS against smbd in Samba 3.0.6 – 3.0.23d
链接:http://www.securityfocus.com/archive/1/archive/1/459167/100/0/threaded
来源: OSVDB
名称: 33100
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-1005
来源: XF
名称: samba-smbd-filerename-dos(32301)
链接:http://xforce.iss.net/xforce/xfdb/32301
来源: UBUNTU
名称: USN-419-1
链接:http://www.ubuntu.com/usn/usn-419-1
来源: TRUSTIX
名称: 2007-0007
链接:http://www.trustix.org/errata/2007/0007
来源: BID
名称: 22395
链接:http://www.securityfocus.com/bid/22395
来源: BUGTRAQ
名称: 20070207 rPSA-2007-0026-1 samba samba-swat
链接:http://www.securityfocus.com/archive/1/archive/1/459365/100/0/threaded
来源: REDHAT
名称: RHSA-2007:0061
链接:http://www.redhat.com/support/errata/RHSA-2007-0061.html
来源: REDHAT
名称: RHSA-2007:0060
链接:http://www.redhat.com/support/errata/RHSA-2007-0060.html
来源: MANDRIVA
名称: MDKSA-2007:034
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:034
来源: GENTOO
名称: GLSA-200702-01
链接:http://www.gentoo.org/security/en/glsa/glsa-200702-01.xml
来源: VUPEN
名称: ADV-2007-1278
链接:http://www.frsirt.com/english/advisories/2007/1278
来源: VUPEN
名称: ADV-2007-0483
链接:http://www.frsirt.com/english/advisories/2007/0483
来源: DEBIAN
名称: DSA-1257
链接:http://www.debian.org/security/2007/dsa-1257
来源: us1.samba.org
链接:http://us1.samba.org/samba/security/CVE-2007-0452.html
来源: SUNALERT
名称: 200588
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200588-1
来源: SLACKWARE
名称: SSA:2007-038-01
链接:http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.476916
来源: SECTRACK
名称: 1017587
链接:http://securitytracker.com/id?1017587
来源: SREASON
名称: 2219
链接:http://securityreason.com/securityalert/2219
来源: SECUNIA
名称: 24792
链接:http://secunia.com/advisories/24792
来源: SECUNIA
名称: 24284
链接:http://secunia.com/advisories/24284
来源: SECUNIA
名称: 24188
链接:http://secunia.com/advisories/24188
来源: SECUNIA
名称: 24151
链接:http://secunia.com/advisories/24151
来源: SECUNIA
名称: 24145
链接:http://secunia.com/advisories/24145
来源: SECUNIA
名称: 24140
链接:http://secunia.com/advisories/24140
来源: SECUNIA
名称: 24101
链接:http://secunia.com/advisories/24101
来源: SECUNIA
名称: 24076
链接:http://secunia.com/advisories/24076
来源: SECUNIA
名称: 24067
链接:http://secunia.com/advisories/24067
来源: SECUNIA
名称: 24060
链接:http://secunia.com/advisories/24060
来源: SECUNIA
名称: 24046
链接:http://secunia.com/advisories/24046
来源: SECUNIA
名称: 24030
链接:http://secunia.com/advisories/24030
来源: SECUNIA
名称: 24021
链接:http://secunia.com/advisories/24021
来源: SUSE
名称: SUSE-SA:2007:016
链接:http://lists.suse.com/archive/suse-security-announce/2007-Feb/0002.html
来源: HP
名称: SSRT071341
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00943462
来源: MANDRIVA
名称: MDKSA-2007:034
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2007:034
来源: FEDORA
名称: FEDORA-2007-220
链接:http://fedoranews.org/cms/node/2580
来源: FEDORA
名称: FEDORA-2007-219
链接:http://fedoranews.org/cms/node/2579
来源: SGI
名称: 20070201-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
