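Samba NDR MS-RPC Request Remote Heap Overflow Vulnerability (CVE-2007-2446)

Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services.
A vulnerability exists in Samba's implementation of its NDR functions; a remote attacker may exploit it to take control of the Samba server.
Samba does not properly validate RPC requests sent to multiple RPC interfaces. When parsing requests to LsarAddPrivilegesToAccount, DFSEnum, RFNPCNEX, NetSetFileSecurity and LsarLookupSids/LsarLookupSids2, the heap allocation is calculated from user input, so an attacker can overwrite a heap chunk by supplying invalid values, leading to arbitrary code execution.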
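The class of defect described above, an allocation sized from a count taken out of the request, is shown here as an added example that is not Samba's code and not part of the original advisory. The wire layout, the MAX_ELEMS limit and all function names are assumptions made for illustration; the parser validates the count against the bytes actually received before allocating.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wire layout, constructed for this example (not Samba's NDR code):
 * a little-endian uint32 element count followed by count 4-byte elements. */
#define MAX_ELEMS 1024u  /* assumed policy limit for one request */

uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* What an unchecked "count * 4" yields where size_t is 32 bits wide:
 * a huge count wraps to a tiny allocation while the copy loop still runs
 * count times. Modelled with uint32_t so it behaves the same on any host. */
uint32_t unchecked_alloc_size32(uint32_t count)
{
    return count * 4u;
}

/* Hardened parse: returns 0 and a heap array on success, -1 if rejected. */
int parse_counted_array(const uint8_t *buf, size_t len,
                        uint32_t **out, uint32_t *out_count)
{
    if (len < 4)
        return -1;                        /* no room for the count field */
    uint32_t count = rd_le32(buf);
    size_t remaining = len - 4;
    /* Division instead of multiplication, so the check cannot overflow. */
    if (count > remaining / 4 || count > MAX_ELEMS)
        return -1;                        /* count not backed by request bytes */
    uint32_t *arr = calloc(count ? count : 1, sizeof *arr);
    if (arr == NULL)
        return -1;
    for (uint32_t i = 0; i < count; i++)
        arr[i] = rd_le32(buf + 4 + 4 * (size_t)i);
    *out = arr;
    *out_count = count;
    return 0;
}

int main(void)
{
    /* Constructed request: claims 0x40000001 elements but carries only two. */
    const uint8_t bad[] = {0x01, 0x00, 0x00, 0x40, 1, 0, 0, 0, 2, 0, 0, 0};
    uint32_t *arr = NULL, n = 0;
    printf("unchecked 32-bit size: %u bytes\n", (unsigned)unchecked_alloc_size32(rd_le32(bad)));
    printf("hardened parse: %d\n", parse_counted_array(bad, sizeof bad, &arr, &n));
    return 0;
}
```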
Solution
The security advisories issued by each Linux/Unix distribution for this vulnerability are listed below; refer to the advisory for your system to fix the vulnerability:
Ubuntu
----------------
USN-460-1: [USN-460-1] Samba vulnerabilities
Link: https://www.ubuntu.com/usn/usn-460-1
Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2007-2446
CentOS
----------------
CESA-2007:0354: CESA-2007:0354 Critical CentOS 3 i386 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013755.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 3 x86_64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013756.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 5 i386 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013759.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 5 x86_64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013760.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 3 ia64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013762.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 4 ia64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013763.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 3 s390(x) samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013765.html
CESA-2007:0354: CESA-2007:0354 Critical CentOS 4 s390(x) samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2007-May/013766.html
Gentoo
----------------
GLSA-200705-15: Samba: Multiple vulnerabilities
Link: https://security.gentoo.org/glsa/200705-15
FreeBSD
----------------
3546a833-03ea-11dc-a51d-0019b95d4f14: samba -- multiple vulnerabilities
Link: http://vuxml.freebsd.org/freebsd/3546a833-03ea-11dc-a51d-0019b95d4f14.html
Slackware
----------------
SSA:2007-134-01: [slackware-security] samba (SSA:2007-134-01)
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.475906
openSUSE
----------------
SUSE-SA:2007:031: SUSE Security Announcement: samba security problems (SUSE-SA:2007:031)
Link: https://lists.opensuse.org/opensuse-security-announce/2007-05/msg00002.html
Fedora
----------------
FEDORA-2007-506: Fedora Core 5 Update: samba-3.0.24-5.fc5
Link: https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001729.html
FEDORA-2007-507: Fedora Core 6 Update: samba-3.0.24-5.fc6
Link: https://lists.fedoraproject.org/pipermail/package-announce/2007-May/001730.html
Oracle Linux
----------------
Link: https://linux.oracle.com/cve/CVE-2007-2446.html
Debian
----------------
DSA-1291: DSA-1291-1 samba -- several vulnerabilities
Link: https://www.debian.org/security/2007/dsa-1291

Reposted from www.cnblogs.com/mrhonest/p/10892674.html