Samba SMB1报文链接远程内存破坏漏洞(CVE-2010-2063)
Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
Samba的process.c文件中chain_reply函数处理链接SMB1报文时没有正确地验证客户端所提供的输入字段,恶意客户端可以向Samba服务器发送特制的SMB报文触发堆内存破坏,导致以Samba服务器(smbd)的权限执行任意代码。利用这个漏洞无需认证,且samba的默认配置便受这个漏洞影响。
<*来源:Jun Mao
链接:http://secunia.com/advisories/40145/
http://www.samba.org/samba/security/CVE-2010-2063.html
https://rhn.redhat.com/errata/RHSA-2010-0488.html
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
*>
解决方法
以下是各Linux/Unix发行版系统针对此漏洞发布的安全公告,可以参考对应系统的安全公告修复该漏洞:
Ubuntu
----------------
USN-951-1: [USN-951-1] Samba vulnerability
链接: https://www.ubuntu.com/usn/usn-951-1
Red Hat Enterprise Linux
----------------
链接: https://access.redhat.com/security/cve/CVE-2010-2063
CentOS
----------------
CESA-2010:0488: CESA-2010:0488 Critical CentOS 3 i386 samba - security update
链接: https://lists.centos.org/pipermail/centos-announce/2010-August/016910.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 3 x86_64 samba - security update
链接: https://lists.centos.org/pipermail/centos-announce/2010-August/016911.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 4 i386 samba Update
链接: https://lists.centos.org/pipermail/centos-announce/2010-July/016787.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 4 x86_64 samba Update
链接: https://lists.centos.org/pipermail/centos-announce/2010-July/016788.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 i386 samba Update
链接: https://lists.centos.org/pipermail/centos-announce/2010-June/016734.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 x86_64 samba Update
链接: https://lists.centos.org/pipermail/centos-announce/2010-June/016733.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 i386 samba3x Update
链接: https://lists.centos.org/pipermail/centos-announce/2010-June/016737.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 x86_64 samba3x Update
链接: https://lists.centos.org/pipermail/centos-announce/2010-June/016738.html
Gentoo
----------------
GLSA-201206-22: Samba: Multiple vulnerabilities
链接: https://security.gentoo.org/glsa/201206-22
Slackware
----------------
SSA:2010-169-01: [slackware-security] samba (SSA:2010-169-01)
链接: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914
openSUSE
----------------
SUSE-SA:2010:025: SUSE Security Announcement: Samba (SUSE-SA:2010:025)
链接: https://lists.opensuse.org/opensuse-security-announce/2010-07/msg00000.html
openSUSE-SU-2010:0346-1: openSUSE Security Update: samba: Fixed various security issues
链接: https://lists.opensuse.org/opensuse-updates/2010-06/msg00011.html
Oracle Linux
----------------
链接: https://linux.oracle.com/cve/CVE-2010-2063.html
Debian
----------------
DSA-2061: DSA-2061-1 samba -- memory corruption
链接: https://www.debian.org/security/2010/dsa-2061
