Samba NMBD Logon Request Remote Overflow Vulnerability (CVE-2007-4572)

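Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services.
Samba's nmbd contains a buffer overflow in its handling of GETDC logon server requests, which may result in unexpected server behavior.
A remote attacker can trigger the vulnerability by sending a malformed GETDC request, but the overflow cannot be used to execute arbitrary code, and in most cases it does not crash the Samba server either. The vulnerability is present only when the Samba server is configured as a primary or backup domain controller.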
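The domain-controller condition above can be checked directly against a host's configuration. The following is an added example, not part of the original advisory: it assumes that the smb.conf `domain logons` parameter is what puts a Samba 3 server in the PDC/BDC role (the page does not name the setting), it does not follow `include` directives, and both sample configurations are constructed.

```python
import re

# Spellings Samba accepts for a true boolean value (case-insensitive).
TRUE_VALUES = {"yes", "true", "on", "1"}

def normalize(name):
    """Samba compares section and parameter names ignoring case and whitespace."""
    return re.sub(r"\s+", "", name).lower()

def global_params(conf_text):
    """Return {normalized name: value} for the [global] section of smb.conf text."""
    # A trailing backslash continues the line in smb.conf, so join those first.
    text = re.sub(r"\\\r?\n", "", conf_text)
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = normalize(line[1:-1])
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[normalize(name)] = value.strip()
    return params

def nmbd_handles_logons(conf_text):
    """True if [global] enables domain logons (assumed PDC/BDC indicator)."""
    value = global_params(conf_text).get("domainlogons", "no")  # default is no
    return value.lower() in TRUE_VALUES

# Constructed sample: backup domain controller (logons on, not domain master).
SAMPLE_DC = """\
[global]
   workgroup = EXAMPLE
   Domain Logons = Yes
   domain master = no
[netlogon]
   path = /srv/netlogon
"""

# Constructed sample: the setting is commented out, or sits outside [global].
SAMPLE_MEMBER = """\
[global]
   workgroup = EXAMPLE
   ; domain logons = yes
[share]
   domain logons = yes
"""

if __name__ == "__main__":
    for label, conf in (("dc", SAMPLE_DC), ("member", SAMPLE_MEMBER)):
        print(label, "affected configuration:", nmbd_handles_logons(conf))
```

A host that reports an affected configuration still needs its package version checked against the distribution advisory for that system.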
Solution
The following are the security advisories that the various Linux/Unix distributions have published for this vulnerability; refer to the advisory for your system to fix it:
Ubuntu
----------------
USN-617-1: [USN-617-1] Samba vulnerabilities
Link: https://www.ubuntu.com/usn/usn-617-1
USN-544-2: [USN-544-2] Samba regression
Link: https://www.ubuntu.com/usn/usn-544-2
USN-544-1: [USN-544-1] Samba vulnerabilities
Link: https://www.ubuntu.com/usn/usn-544-1
Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2007-4572
CentOS
----------------
CESA-2007:1016: CESA-2007:1016 Critical CentOS 4 ia64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-November/014428.html
CESA-2007:1013: CESA-2007:1013 Critical CentOS 3 i386 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-November/014437.html
CESA-2007:1013: CESA-2007:1013 Critical CentOS 3 x86_64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-November/014438.html
CESA-2007:1016: CESA-2007:1016 Critical CentOS 4 s390(x) samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-November/014442.html
CESA-2007:1013: CESA-2007:1013 Critical CentOS 3 ia64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-November/014444.html
CESA-2007:1013: CESA-2007:1013 Critical CentOS 3 s390(x) samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-November/014448.html
Gentoo
----------------
GLSA-200711-29: Samba: Execution of arbitrary code
Link: https://security.gentoo.org/glsa/200711-29
FreeBSD
----------------
a63b15f9-97ff-11dc-9e48-0016179b2dd5: samba -- multiple vulnerabilities
Link: http://vuxml.freebsd.org/freebsd/a63b15f9-97ff-11dc-9e48-0016179b2dd5.html
Slackware
----------------
SSA:2007-320-01: [slackware-security] samba (SSA:2007-320-01)
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.447739
openSUSE
----------------
SUSE-SA:2007:065: SUSE Security Announcement: samba (SUSE-SA:2007:065)
Link: https://lists.opensuse.org/opensuse-security-announce/2007-12/msg00003.html
Fedora
----------------
FEDORA-2007-3402: Fedora 7 Update: samba-3.0.27-0.fc7
Link: https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004876.html
FEDORA-2007-3403: Fedora 8 Update: samba-3.0.27-0.fc8
Link: https://lists.fedoraproject.org/pipermail/package-announce/2007-November/004908.html
Oracle Linux
----------------
Link: https://linux.oracle.com/cve/CVE-2007-4572.html
Debian
----------------
DSA-1409: DSA-1409-3 samba -- several vulnerabilities
Link: https://www.debian.org/security/2007/dsa-1409

Reposted from www.cnblogs.com/mrhonest/p/10892686.html