Рекомендация Debian по безопасности
DSA-1291-1 samba -- несколько уязвимостей
- Дата сообщения:
- 15.05.2007
- Затронутые пакеты:
- samba
- Уязвим:
- Да
- Ссылки на базы данных по безопасности:
- В каталоге Mitre CVE: CVE-2007-2444, CVE-2007-2446, CVE-2007-2447.
- Более подробная информация:
-
В Samba, реализации файлового сервера и сервера печати SMB/CIFS для GNU/Linux, было обнаружено несколько уязвимостей.
- CVE-2007-2444
При переводе SID в/из имён, используя локальный список пользователей Samba и учётных записей групп, логическая ошибка во внутреннем стеке безопасности службы smbd может приводить к переходу к уровню идентификатора суперпользователя, а не уровню пользователя, отличного от суперпользователя. Далее, пользователь может временно производить операции по протоколу SMB/CIFS от лица суперпользователя. Данная возможность может позволить злоумышленнику установить дополнительные возможности получения прав суперпользователя на сервере.
- CVE-2007-2446
Различные ошибки в коде для грамматического разбора NDR в Samba могут позволить пользователю отправлять специально сформированные запросы MS-RPC, которые приведут к перезаписи пространства динамической памяти пользовательскими данными.
- CVE-2007-2447
Введённые пользователем неэкранированные параметры передаются в качестве аргументов /bin/sh, что позволяет удалённо выполнять команды.
В стабильном выпуске (etch) эти проблемы были исправлены в версии 3.0.24-6etch1.
В тестируемом и нестабильном выпусках (lenny и sid, соответственно) эти проблемы были исправлены в версии 3.0.25-1.
Рекомендуется обновить пакет samba.
- CVE-2007-2444
- Исправлено в:
-
Debian GNU/Linux 4.0 (etch)
- Исходный код:
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24.orig.tar.gz
- Независимые от архитектуры компоненты:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.0.24-6etch1_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch1_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.0.24-6etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_arm.deb
- HPPA:
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/python-samba_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.0.24-6etch1_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.0.24-6etch1_sparc.deb
Контрольные суммы MD5 этих файлов доступны в исходном сообщении.