Samba REG File Write Race Condition Vulnerability
Release date: 2003-03-15
Last updated: 2003-04-01
Affected systems:
Samba Samba 2.2.7
Unaffected systems:
Samba Samba 2.2.6
Samba Samba 2.2.5
Samba Samba 2.2.4
Samba Samba 2.2.3
Samba Samba 2.2.2
Samba Samba 2.2.0a
Samba Samba 2.2.0
Samba Samba 2.0.9
Samba Samba 2.0.8
Samba Samba 2.0.7
Samba Samba 2.0.6
Samba Samba 2.0.5
Samba Samba 2.0.4
Samba Samba 2.0.3
Samba Samba 2.0.2
Samba Samba 2.0.10
Samba Samba 2.0.1
Samba Samba 2.0.0
Samba Samba 2.2.7a
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Conectiva Linux 8.0
- Debian Linux 3.0
- Mandrake Linux Corporate Server 2.1
- Mandrake Linux 9.0
- Mandrake Linux 8.2
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 8.0
- SuSE Linux 8.1
Samba Samba 2.2.8
Description:
BUGTRAQ ID: 7107
CVE(CAN) ID: CVE-2003-0086
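Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services.
Samba has a race condition vulnerability when writing reg files. A local attacker can exploit it to overwrite arbitrary files, resulting in a denial of service.
Because Samba creates temporary files insecurely when writing reg files, an attacker can create a symbolic link that points to an important system file. When the program runs, the target file can be corrupted, and this may be exploitable for privilege escalation. No detailed information about the vulnerability is currently available.
<*Source: Michael Walton (mwalton@abilene.com)
Links: http://marc.theaimsgroup.com/?l=bugtraq&m=104793549228757&w=2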
https://www.redhat.com/support/errata/RHSA-2003-095.html
http://www.debian.org/security/2003/dsa-262
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:032
ftp://patches.sgi.com/support/free/security/advisories/20030302-01-I
*>
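The advisory gives no code-level detail, so the following is an added, generic C illustration of the bug class it describes (a predictable temporary file name plus a pre-planted symbolic link), not Samba's code. The function names, the file names `victim` and `out.tmp`, and the scratch directory are assumptions constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: a predictable path opened with O_TRUNC follows any
 * symlink already sitting at that name and truncates its target. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
}

/* Hardened pattern: O_CREAT|O_EXCL creates atomically and fails with
 * EEXIST if anything, including a symlink, already occupies the name. */
int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Size of the file at path, or -1 if it cannot be stat()ed. */
long file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Constructed scenario inside a private scratch directory: "victim"
 * stands in for an important file, "out.tmp" for the predictable temp
 * name. Returns victim's size after the chosen open routine has run
 * (-2 on setup failure); *err receives errno from that open call. */
long run_scenario(int use_safe, int *err) {
    char dir[] = "/tmp/tmpdemoXXXXXX", victim[64], tmp[64];
    if (!mkdtemp(dir)) return -2;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(tmp, sizeof tmp, "%s/out.tmp", dir);
    FILE *f = fopen(victim, "w");
    if (!f) return -2;
    fputs("important", f);                     /* 9 bytes of content */
    fclose(f);
    if (symlink(victim, tmp) != 0) return -2;  /* link planted first */
    errno = 0;
    int fd = use_safe ? open_tmp_safe(tmp) : open_tmp_unsafe(tmp);
    *err = errno;
    if (fd >= 0) close(fd);
    long size = file_size(victim);
    unlink(tmp); unlink(victim); rmdir(dir);
    return size;
}
```

In production code, `mkstemp()` is the usual choice because it combines the exclusive create with an unpredictable name.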
Recommendations:
Vendor patches:
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2003:032) and corresponding patches for this issue:
MDKSA-2003:032:samba
Link: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:032
Patch downloads:
Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Corporate Server 2.1.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0/PPC.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0/PPC.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0/PPC.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0/PPC.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.0/PPC.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.ia64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1/IA64.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.ia64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1/IA64.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.ia64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1/IA64.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.ia64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1/IA64.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.ia64.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.1/IA64.
Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2.
Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC.
Mandrake Upgrade nss_wins-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-doc-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-server-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-swat-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-winbind-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 9.0.
Mandrake Upgrade samba-client-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Multi Network Firewall 8.2.
Mandrake Upgrade samba-common-2.2.7a-8.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Multi Network Firewall 8.2.
RedHat
------
RedHat has released a security advisory (RHSA-2003:095-02) and corresponding patches for this issue:
RHSA-2003:095-02:New samba packages fix security vulnerabilities
Link: https://www.redhat.com/support/errata/RHSA-2003-095.html
Patch downloads:
Red Hat Upgrade samba-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-2.2.7-2.7.2.i386.rpm
Red Hat Upgrade samba-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-2.2.7-2.7.2.ia64.rpm
Red Hat Upgrade samba-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-2.2.7-2.7.3.i386.rpm
Red Hat Upgrade samba-2.2.7-4.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/samba-2.2.7-4.8.0.i386.rpm
Red Hat Upgrade samba-client-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-client-2.2.7-2.7.2.i386.rpm
Red Hat Upgrade samba-client-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-client-2.2.7-2.7.2.ia64.rpm
Red Hat Upgrade samba-client-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-client-2.2.7-2.7.3.i386.rpm
Red Hat Upgrade samba-common-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-common-2.2.7-2.7.2.i386.rpm
Red Hat Upgrade samba-common-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-common-2.2.7-2.7.2.ia64.rpm
Red Hat Upgrade samba-common-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-common-2.2.7-2.7.3.i386.rpm
Red Hat Upgrade samba-common-2.2.7-4.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/samba-common-2.2.7-4.8.0.i386.rpm
Red Hat Upgrade samba-swat-2.2.7-2.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/samba-swat-2.2.7-2.7.2.i386.rpm
Red Hat Upgrade samba-swat-2.2.7-2.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/samba-swat-2.2.7-2.7.2.ia64.rpm
Red Hat Upgrade samba-swat-2.2.7-2.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/samba-swat-2.2.7-2.7.3.i386.rpm
Red Hat Upgrade samba-swat-2.2.7-4.8.0.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/samba-swat-2.2.7-4.8.0.i386.rpm
S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2003:015) and corresponding patches for this issue:
SuSE-SA:2003:015:samba, samba-client
Link:
Patch downloads:
SuSE Upgrade smbclnt-2.0.10-21.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n1/smbclnt-2.0.10-21.ppc.rpm
SuSE Upgrade samba-2.0.10-21.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/n2/samba-2.0.10-21.ppc.rpm
SuSE Upgrade smbclnt-2.0.10-21.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n1/smbclnt-2.0.10-21.alpha.rpm
SuSE Upgrade samba-2.0.10-21.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/n2/samba-2.0.10-21.alpha.rpm
SuSE Upgrade smbclnt-2.0.10-27.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n1/smbclnt-2.0.10-27.i386.rpm
SuSE Upgrade samba-2.0.10-27.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/n2/samba-2.0.10-27.i386.rpm
SuSE Upgrade smbclnt-2.2.0a-48.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/smbclnt-2.2.0a-48.i386.rpm
SuSE Upgrade samba-2.2.0a-48.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/samba-2.2.0a-48.i386.rpm
SuSE Upgrade samba-2.2.1a-213.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/samba-2.2.1a-213.i386.rpm
SuSE Upgrade samba-2.2.1a-73.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/samba-2.2.1a-73.sparc.rpm
SuSE Upgrade samba-client-2.2.1a-147.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/samba-client-2.2.1a-147.ppc.rpm
SuSE Upgrade samba-client-2.2.1a-213.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/samba-client-2.2.1a-213.i386.rpm
SuSE Upgrade samba-client-2.2.1a-73.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/samba-client-2.2.1a-73.sparc.rpm
SuSE Upgrade samba-2.2.1a-147.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/samba-2.2.1a-147.ppc.rpm
SuSE Upgrade samba-2.2.3a-169.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/samba-2.2.3a-169.i386.patch.rpm
SuSE Upgrade samba-2.2.3a-169.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n2/samba-2.2.3a-169.i386.rpm
SuSE Upgrade samba-client-2.2.3a-169.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/samba-client-2.2.3a-169.i386.patch.rpm
SuSE Upgrade samba-client-2.2.3a-169.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/samba-client-2.2.3a-169.i386.rpm
SuSE Upgrade samba-2.2.5-160.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.5-160.i586.patch.rpm
SuSE Upgrade samba-2.2.5-160.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-2.2.5-160.i586.rpm
SuSE Upgrade samba-client-2.2.5-160.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-client-2.2.5-160.i586.patch.rpm
SuSE Upgrade samba-client-2.2.5-160.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/samba-client-2.2.5-160.i586.rpm
Samba
-----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
Samba Upgrade Samba 2.2.8
http://download.samba.org/samba/ftp/