Samba MS-RPC Remote Shell Command Injection Vulnerability

Published: 2007-05-14
Updated: 2007-05-15

Affected systems:
Samba Samba 3.0.0 - 3.0.25rc3
Description:
BUGTRAQ  ID: 23972
CVE(CAN) ID: CVE-2007-2447

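Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services.

Samba has an input validation vulnerability in its handling of user data. A remote attacker could exploit it to execute arbitrary commands on the server.

The Samba code responsible for updating user passwords in the SAM database passes user input to /bin/sh without filtering it. If malicious input is submitted through MS-RPC calls and reaches /bin/sh when an external script defined in smb.conf is invoked, an attacker may be able to execute arbitrary commands with the privileges of the nobody user.

<*Source: Joshua J. Drake
  
  Links: http://marc.info/?l=bugtraq&m=117916578125483&w=2
        http://www.kb.cert.org/vuls/id/268336
        http://secunia.com/advisories/25772/
        http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=534
        http://lwn.net/Alerts/234272/?format=printable
        http://www.debian.org/security/2007/dsa-1291
        http://security.gentoo.org/glsa/glsa-200705-15.xml
        http://r.your.hp.com/r/c/r?2.1.HX.2XR.1M92gO.CoA0WS..T.Ek4M.25qa.DOAaEWa0
*>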

Recommendations:
Workaround:

* Remove the username map script option from the smb.conf file.
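
To confirm the workaround has been applied, the configuration can be checked mechanically. The following Python is an added example, not part of the original advisory or of Samba: it scans smb.conf text for an active `username map script` setting, matching the parameter name without regard to case or spacing (as Samba does), which a plain grep for the literal name can miss. The sample configuration and the script paths in it are constructed.

```python
import re

# Parameter the advisory's workaround says to remove (normalized form).
TARGET = "usernamemapscript"

# Constructed sample configuration; the script paths are hypothetical.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = EXAMPLE
   ; username map script = /usr/local/bin/old-mapper
   UserName Map  Script = /usr/local/bin/map-user.sh
   add user script =

[share]
   path = /srv/share
"""


def _normalize(name):
    """Samba compares parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()


def _logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = None, 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if buf is None:
            # Conservative choice for detection: a comment line never
            # swallows the next line, so a setting cannot hide behind it.
            if line.lstrip().startswith(("#", ";")):
                yield num, line
                continue
            buf, start = "", num
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield start, buf + line
        buf = None
    if buf is not None:
        yield start, buf


def find_username_map_script(conf_text):
    """Return [(line_number, section, value)] for each active setting."""
    hits, section = [], None
    for num, line in _logical_lines(conf_text):
        stripped = line.strip()
        if not stripped or stripped[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(.*)\]", stripped)
        if header:
            section = header.group(1).strip().lower()
            continue
        name, sep, value = stripped.partition("=")
        # An empty value means no script is configured.
        if sep and _normalize(name) == TARGET and value.strip():
            hits.append((num, section, value.strip()))
    return hits


if __name__ == "__main__":
    for num, section, value in find_username_map_script(SAMPLE_SMB_CONF):
        print(f"line {num} [{section}]: username map script = {value}")
```

The check does not follow `include =` directives, so each included file needs to be scanned as well.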

Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1291-2) and corresponding patches for this issue:
DSA-1291-2: New samba packages fix multiple vulnerabilities
Link: http://www.debian.org/security/2007/dsa-1291

Patch downloads:

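Patch installation:

1. Installing the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the download link of the patch)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Installing the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade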

HP
--
HP has released a security advisory (HPSBUX02218) and corresponding patches for this issue:
HPSBUX02218: SSRT071424 rev.1 - HP-UX running CIFS Server (Samba), Remote Arbitrary Code Execution
Link: http://r.your.hp.com/r/c/r?2.1.HX.2XR.1M92gO.CoA0WS..T.Ek4M.25qa.DOAaEWa0

RedHat
------
RedHat has released a security advisory (RHSA-2007:0354-01) and corresponding patches for this issue:
RHSA-2007:0354-01: Critical: samba security update
Link: http://lwn.net/Alerts/234272/?format=printable

Samba
-----
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's site:

http://www.samba.org/samba/ftp/patches/security/samba-3.0.24-CVE-2007-2447.patch

Gentoo
------
Gentoo has released a security advisory (GLSA-200705-15) and corresponding patches for this issue:
GLSA-200705-15: Samba: Multiple vulnerabilities
Link: http://security.gentoo.org/glsa/glsa-200705-15.xml

All Samba users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-fs/samba-3.0.24-r2"

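This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.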