

Multiple security vulnerabilities in Samba
Published: October 14, 2009
Source:
SecurityVulns ID: 10322
Type: remote
Severity level: 6/10
Description: Local file access, DoS, unauthorized access.
Affected products: SAMBA : Samba 3.0
 SAMBA : Samba 3.2
 SAMBA : Samba 3.1
 SAMBA : Samba 3.3
 SAMBA : Samba 3.4
CVE: CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8 and 3.4 before 3.4.2, when mount.cifs is installed suid root, does not properly enforce permissions, which allows local users to read part of the credentials file and obtain the password by specifying the path to the credentials file and using the --verbose or -v option.)
 CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, and 3.4 before 3.4.2 allows remote authenticated users to cause a denial of service (infinite loop) via an unanticipated oplock break notification reply packet.)
 CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and 3.0.12 through 3.0.36, as used in the SMB subsystem in Apple Mac OS X 10.5.8 when Windows File Sharing is enabled, Fedora 11, and other operating systems, does not properly handle errors in resolving pathnames, which allows remote authenticated users to bypass intended sharing restrictions, and read, create, or modify files, in certain circumstances involving user accounts that lack home directories.)
Original text: DEBIAN, [SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities (14.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod