Samba Send_MailSlot函数远程栈溢出漏洞(CVE-2007-6015)

Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
 
Samba的send_mailslot()函数中存在安全漏洞,远程攻击者可能利用此漏洞控制服务器。
 
如果远程攻击者所发送的特制SAMLOGON域登录报文中在奇数偏移包含有用户名字符串,然后跟随有超长GETDC字符串的话,就可能用全0的字节覆盖栈缓冲区。成功攻击允许执行任意代码,但要求打开了domain logons选项。
 
<*来源:Alin Rad Pop
  
  链接:http://marc.info/?l=bugtraq&m=119731525329968&w=2
        http://secunia.com/secunia_research/2007-99/advisory/
        https://rhn.redhat.com/errata/RHSA-2007-1114.html
        https://rhn.redhat.com/errata/RHSA-2007-1117.html
        http://security.gentoo.org/glsa/glsa-200712-10.xml
        http://www.debian.org/security/2007/dsa-1427
*>
 
 
 
 
解决方法
 
以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告,可以参考对应系统的安全公告修复该漏洞:
 
Ubuntu
----------------
USN-556-1: [USN-556-1] Samba vulnerability
链接: https://www.ubuntu.com/usn/usn-556-1
 
Red Hat Enterprise Linux
----------------
链接: https://access.redhat.com/security/cve/CVE-2007-6015
 
CentOS
----------------
CESA-2007:1114: CESA-2007:1114 Critical CentOS 3 ia64 samba - security update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014490.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 4 ia64 samba - security update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014492.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 3 i386 samba - security and bug fix update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014494.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 3 x86_64 samba - security and bug fix update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014495.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 3 s390(x) samba - security update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014498.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 4 s390(x) samba - security update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014499.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 5 i386 samba Update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014504.html
CESA-2007:1114: CESA-2007:1114 Critical CentOS 5 x86_64 samba Update
链接: https://lists.centos.org/pipermail/centos-announce/2007-December/014503.html
 
Gentoo
----------------
GLSA-200712-10: Samba: Execution of arbitrary code
链接: https://security.gentoo.org/glsa/200712-10
 
FreeBSD
----------------
ffcbd42d-a8c5-11dc-bec2-02e0185f8d72: samba -- buffer overflow vulnerability
链接: http://vuxml.freebsd.org/freebsd/ffcbd42d-a8c5-11dc-bec2-02e0185f8d72.html
 
Slackware
----------------
SSA:2007-344-01: [slackware-security] samba (SSA:2007-344-01)
链接: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2007&m=slackware-security.451554
 
openSUSE
----------------
SUSE-SA:2007:068: SUSE Security Announcement: samba (SUSE-SA:2007:068)
链接: https://lists.opensuse.org/opensuse-security-announce/2007-12/msg00006.html
 
Fedora
----------------
FEDORA-2007-4269: Fedora 7 Update: samba-3.0.28-0.fc7
链接: https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005766.html
FEDORA-2007-4275: Fedora 8 Update: samba-3.0.28-0.fc8
链接: https://lists.fedoraproject.org/pipermail/package-announce/2007-December/005770.html
 
Oracle Linux
----------------
链接: https://linux.oracle.com/cve/CVE-2007-6015.html
 
Debian
----------------
DSA-1427: DSA-1427-1 samba -- buffer overflow
链接: https://www.debian.org/security/2007/dsa-1427
posted @ 2019-05-20 10:31  mrhonest  阅读(520)  评论(0)    收藏  举报