Debian 安全警報
DSA-1908-1 samba -- 多個安全漏洞
- 報告日期:
- 2009/10/14
- 受影響的軟體:
- samba
- 可被襲擊:
- 是
- 參考的安全性資料庫:
- 在 Mitre's CVE 的目錄中: CVE-2009-2948, CVE-2009-2906, CVE-2009-2813.
- 更詳盡的資訊:
-
Samba 已被發現多個安全漏洞,samba 是 Unix 系統上的 SMB/CIFS 通訊協定實作,提供與其他作業系統跨平臺的檔案與列印分享以及更多支援。 國際安全組織 CVE (Common Vulnerability and Exposure) 找到以下問題:
- CVE-2009-2948
當 mount.cifs 實用工具處於詳細模式 (verbose mode) 時,缺少妥善的檔案權限檢查。這會允許本機端使用者以指定檔案做為憑證檔並企圖掛載 samba 分享,洩漏部份任意內容。
- CVE-2009-2906
回應 samba 非預期的 oplock 中斷 (break) 通知,可能會導致服務陷入無窮迴圈。攻擊者可以使用這個漏洞,經由特別精心製作的 SMB 請求 (request) 執行阻斷服務 (DoS) 攻擊。
- CVE-2009-2813
缺乏對於沒有為使用者建構或指定家目錄情況的錯誤處理,這可能會導致檔案洩漏。在 [homes] 自動啟用分享或以使用者名稱直接建立分享的情況之下,samba 沒有強制執行分享限制 ,這導致攻擊者能從根目錄存取檔案系統。
對於 oldstable distribution (etch),這個問題很快會被修正。
對於 stable distribution (lenny),這個問題已在 2:3.2.5-4lenny7 版被修正。
對於 testing distribution (squeeze),這個問題很快會被修正。
對於 unstable distribution (sid),這個問題已在 2:3.4.2-1 版被修正。
我們建議你升級你的 samba 套件。
- CVE-2009-2948
- 修改於:
-
Debian GNU/Linux 5.0 (lenny)
- 來源:
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.dsc
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7.diff.gz
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5.orig.tar.gz
- 與硬體無關的元件:
- http://security.debian.org/pool/updates/main/s/samba/samba-doc_3.2.5-4lenny7_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny7_all.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-doc-pdf_3.2.5-4lenny7_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_alpha.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_amd64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_arm.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_arm.deb
- ARM EABI:
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_armel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_armel.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_hppa.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_i386.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_ia64.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_ia64.deb
- Big-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mips.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mips.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_mipsel.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_powerpc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_s390.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_s390.deb
- Sun Sparc:
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/winbind_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-tools_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-common_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libpam-smbpass_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbfs_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libsmbclient-dev_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/libwbclient0_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/smbclient_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/samba-dbg_3.2.5-4lenny7_sparc.deb
- http://security.debian.org/pool/updates/main/s/samba/swat_3.2.5-4lenny7_sparc.deb
列出的檔案的 MD5 檢查可以由 original advisory 取得。