Pronađena ranjivost programskog paketa samba

Ispravljen je sigurnosni propust uočen u radu programskog paketa Samba. Zlonamjerni udaljeni korisnik može iskoristiti propust za izazivanje stanja uskraćivanja usluge (DoS) i izvršavanje proizvoljnog programskog koda.

Paket:	Samba 3.x
Operacijski sustavi:	Mandriva Linux Enterprise Server 5.0
Kritičnost:	5.8
Problem:	preljev međuspremnika
Iskorištavanje:	udaljeno
Posljedica:	pokretanje proizvoljnih naredbi, uskraćivanje usluga (DoS)
Rješenje:	programska zakrpa proizvođača
CVE:	CVE-2012-0870
Izvorni ID preporuke:	MDVSA-2012:025
Izvor:	Mandriva

Problem:
Prepisivanje spremnika uzrokovano je propustom u "process.c" datoteci.
Posljedica:
Udaljeni napadač može iskoristiti navedeni nedostatak za pokretanje proizvoljnog programskog koda i/ili izvođenje DoS napada slanjem posebno oblikovanog AndX zahtjeva.
Rješenje:
U svrhu zaštite korisnicima se preporučuje instalacija odgovarajuće nadogradnje programskog paketa.

Izvorni tekst preporuke

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2012:025
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : samba
 Date    : February 28, 2012
 Affected: Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been found and corrected in samba:
 
 Heap-based buffer overflow in process.c in smbd in Samba allows remote
 attackers to cause a denial of service (daemon crash) or possibly
 execute arbitrary code via a Batched (aka AndX) request that triggers
 infinite recursion (CVE-2012-0870).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0870
 _______________________________________________________________________

 Updated Packages:

 Mandriva Enterprise Server 5:
 f1c5c40a39960bf0be8b4f7b0eb07f1c 
mes5/i586/libnetapi0-3.3.12-0.8mdvmes5.2.i586.rpm
 c09851ea48666122ce67fb3bb5d863b7 
mes5/i586/libnetapi-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 574874125ee63e520110e73158fa1c53 
mes5/i586/libsmbclient0-3.3.12-0.8mdvmes5.2.i586.rpm
 ed39a5badbcb3dff984d099d995e4654 
mes5/i586/libsmbclient0-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 37f6c8edc6af9e4439fe1cfa74162fd4 
mes5/i586/libsmbclient0-static-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 e06527be75deb64802f8bfa4c266f9bc 
mes5/i586/libsmbsharemodes0-3.3.12-0.8mdvmes5.2.i586.rpm
 9926b5aa94649fe5e4563d7d30eea094 
mes5/i586/libsmbsharemodes-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 13ed1d18924705829149f27c89cff483 
mes5/i586/libtalloc1-3.3.12-0.8mdvmes5.2.i586.rpm
 0dcc0cadaff5d3e9e9b26a4aa76320b9 
mes5/i586/libtalloc-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 f66dc353d8f7cc28d9e9922bc731bd06 
mes5/i586/libtdb1-3.3.12-0.8mdvmes5.2.i586.rpm
 87689dca4f04ccc56c8b7e2958f870a5 
mes5/i586/libtdb-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 eac4493389bdd505786b2a813800ec21 
mes5/i586/libwbclient0-3.3.12-0.8mdvmes5.2.i586.rpm
 0a4d9665399a405ec33352bac8b085d7 
mes5/i586/libwbclient-devel-3.3.12-0.8mdvmes5.2.i586.rpm
 31d01f8f5ac236bdeb5da6c0b1103c26 
mes5/i586/mount-cifs-3.3.12-0.8mdvmes5.2.i586.rpm
 4d65a41c7adf287f33146cb51976c12f 
mes5/i586/nss_wins-3.3.12-0.8mdvmes5.2.i586.rpm
 95851e4895bebace6a800c21411c2c98 
mes5/i586/samba-client-3.3.12-0.8mdvmes5.2.i586.rpm
 615ae2342634aa724e233fe7c38e1021 
mes5/i586/samba-common-3.3.12-0.8mdvmes5.2.i586.rpm
 593f4559e2e7927c3d2be07c75f69fc2 
mes5/i586/samba-doc-3.3.12-0.8mdvmes5.2.i586.rpm
 082b8b10f48f87102f5f4e5734192274 
mes5/i586/samba-server-3.3.12-0.8mdvmes5.2.i586.rpm
 671a8293f5c9970eff7f41a382ce1de8 
mes5/i586/samba-swat-3.3.12-0.8mdvmes5.2.i586.rpm
 d0826b2d50dd03a8a2def0ab8217a10b 
mes5/i586/samba-winbind-3.3.12-0.8mdvmes5.2.i586.rpm 
 e63162eb725a3c786a9d6ce6e3ffa834  mes5/SRPMS/samba-3.3.12-0.8mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 08052ae7f504d3afebc2592c4563cb26 
mes5/x86_64/lib64netapi0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 959b440b7a52de85774c7826c23e5a0d 
mes5/x86_64/lib64netapi-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 4fbf3c6550bbd781101b19a5f59db31f 
mes5/x86_64/lib64smbclient0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 fa0e52cf4f492cb5d991ca5305f4eca7 
mes5/x86_64/lib64smbclient0-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 3aab55b5470b2dd3fe21bc22aac57881 
mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 62faaa06906b9b03f73d130c30841e24 
mes5/x86_64/lib64smbsharemodes0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 2989b58fbd3b45bc9f59c252c694970f 
mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 7b02247f56fbae2c39148fbbdb2a9753 
mes5/x86_64/lib64talloc1-3.3.12-0.8mdvmes5.2.x86_64.rpm
 c06c34fbdf4472157ce75f438c8975fe 
mes5/x86_64/lib64talloc-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 05412945bb2a1b2be22aab619395366e 
mes5/x86_64/lib64tdb1-3.3.12-0.8mdvmes5.2.x86_64.rpm
 a5d3e798398970a92129d182766049ab 
mes5/x86_64/lib64tdb-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 fa4659a2d3591b354ed48fe4780e318a 
mes5/x86_64/lib64wbclient0-3.3.12-0.8mdvmes5.2.x86_64.rpm
 a647ebd6ed3d00f8e0cf32db8deddd89 
mes5/x86_64/lib64wbclient-devel-3.3.12-0.8mdvmes5.2.x86_64.rpm
 5075846b37b482eee78d1390284d221f 
mes5/x86_64/mount-cifs-3.3.12-0.8mdvmes5.2.x86_64.rpm
 08968a5c3682f2af4dab4433d3c4906c 
mes5/x86_64/nss_wins-3.3.12-0.8mdvmes5.2.x86_64.rpm
 1f391d0c654c0efa93a4a9b90ff8abad 
mes5/x86_64/samba-client-3.3.12-0.8mdvmes5.2.x86_64.rpm
 9d374a84dab147dd3a7e20f38032740f 
mes5/x86_64/samba-common-3.3.12-0.8mdvmes5.2.x86_64.rpm
 fbc801397a2f7b94b06397aed9e037a8 
mes5/x86_64/samba-doc-3.3.12-0.8mdvmes5.2.x86_64.rpm
 39fde58a25e8180b574cf6e5a8f7e432 
mes5/x86_64/samba-server-3.3.12-0.8mdvmes5.2.x86_64.rpm
 d9f108c12ade5b0f8905cb453cdb99dc 
mes5/x86_64/samba-swat-3.3.12-0.8mdvmes5.2.x86_64.rpm
 78f300cd217228b7e44d0845f2b29c53 
mes5/x86_64/samba-winbind-3.3.12-0.8mdvmes5.2.x86_64.rpm 
 e63162eb725a3c786a9d6ce6e3ffa834  mes5/SRPMS/samba-3.3.12-0.8mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPTQdAmqjQ0CJFipgRAjl5AKCHFXTjEFCIjESHT9QE+lzC/znTUQCeKcKO
gBbgJhbdLqBQlAb9QBUHTIM=
=j351
-----END PGP SIGNATURE-----

Pronađena ranjivost programskog paketa samba

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Pronađena ranjivost programskog paketa samba

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti