Uočen je i ispravljen nedostatak programskog paketa Samba. Lokalni napadači su mogli iskoristiti navedenu ranjivost za otkrivanje osjetljivih informacija.
| Paket: | Samba 3.x |
| Operacijski sustavi: | Mandriva Linux 2010.1, Mandriva Linux Enterprise Server 5.0 |
| Kritičnost: | 6.5 |
| Problem: | pogreška u programskoj komponenti |
| Iskorištavanje: | lokalno |
| Posljedica: | otkrivanje osjetljivih informacija |
| Rješenje: | programska zakrpa proizvođača |
| CVE: | CVE-2012-1586 |
| Izvorni ID preporuke: | MDVSA-2012:070 |
| Izvor: | Mandriva |
| Problem: | |
| Primijećene su nepravilnosti u radu programske komponente "mount.cifs". |
|
| Posljedica: | |
| Zloćudan korisnik može iskoristiti nedostatak za otkrivanje osjetljivih informacija. |
|
| Rješenje: | |
| Svim korisnicima se savjetuje primjena službenih programskih rješenja. |
|
Izvorni tekst preporuke
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:070
http://www.mandriva.com/security/
_______________________________________________________________________
Package : samba
Date : May 4, 2012
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in samba:
A file existence dislosure flaw was found in the way mount.cifs tool
of the Samba SMB/CIFS tools suite performed mount of a Linux CIFS
(Common Internet File System) filesystem. A local user, able to
mount a remote CIFS share / target to a local directory could use
this flaw to confirm (non) existence of a file system object (file,
directory or process descriptor) via error messages generated during
the mount.cifs tool run (CVE-2012-1586).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1586
https://bugzilla.samba.org/show_bug.cgi?id=8821
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
dd496662bedc161b26294dae8fb3ec6a
2010.1/i586/libnetapi0-3.5.3-3.7mdv2010.2.i586.rpm
fa3eff21e8c15fdd00a0b09d784f8a75
2010.1/i586/libnetapi-devel-3.5.3-3.7mdv2010.2.i586.rpm
46f6c0838f1322501be976b0b108ee01
2010.1/i586/libsmbclient0-3.5.3-3.7mdv2010.2.i586.rpm
09d1da486d9c8dc917c3fcd33e67e9a8
2010.1/i586/libsmbclient0-devel-3.5.3-3.7mdv2010.2.i586.rpm
166127d2117775be61368b8a1d414d92
2010.1/i586/libsmbclient0-static-devel-3.5.3-3.7mdv2010.2.i586.rpm
5c3eb8d716160a3e1b644dacbfeb6a80
2010.1/i586/libsmbsharemodes0-3.5.3-3.7mdv2010.2.i586.rpm
3936bd1a76b6e3488953742e9dc1cdbd
2010.1/i586/libsmbsharemodes-devel-3.5.3-3.7mdv2010.2.i586.rpm
f326643fb6217d37f4392928ab3b9785
2010.1/i586/libwbclient0-3.5.3-3.7mdv2010.2.i586.rpm
798003779c5f818110c282dfa9c82149
2010.1/i586/libwbclient-devel-3.5.3-3.7mdv2010.2.i586.rpm
ff9d703897f4518e0ea553ea4fc27ba7
2010.1/i586/mount-cifs-3.5.3-3.7mdv2010.2.i586.rpm
2815ec4bf56d7761d545cf00afaec268
2010.1/i586/nss_wins-3.5.3-3.7mdv2010.2.i586.rpm
9e44d314f92c8cf23de00f29c2b2cd7b
2010.1/i586/samba-client-3.5.3-3.7mdv2010.2.i586.rpm
ea6957734016133ad7d2e6c174fe4244
2010.1/i586/samba-common-3.5.3-3.7mdv2010.2.i586.rpm
1b3eae9886f6c213cb39cbba7df6c613
2010.1/i586/samba-doc-3.5.3-3.7mdv2010.2.i586.rpm
95804ad6721490f9f0364e52b0553015
2010.1/i586/samba-domainjoin-gui-3.5.3-3.7mdv2010.2.i586.rpm
182e34741505e99493285b7fa645526a
2010.1/i586/samba-server-3.5.3-3.7mdv2010.2.i586.rpm
d490df138c62e60deb73ac2333716d7d
2010.1/i586/samba-swat-3.5.3-3.7mdv2010.2.i586.rpm
6b7edfbbd4dd295d9a59816d99235f49
2010.1/i586/samba-winbind-3.5.3-3.7mdv2010.2.i586.rpm
ec8ac62146e687e9a342c602513256fc
2010.1/SRPMS/samba-3.5.3-3.7mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
07e34908a3530dc7e0903b700f227813
2010.1/x86_64/lib64netapi0-3.5.3-3.7mdv2010.2.x86_64.rpm
61d892dc72900ea40871c2efd18fa7be
2010.1/x86_64/lib64netapi-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
4cf7dd4f2cf145ea9a53f15f5b4ca2fe
2010.1/x86_64/lib64smbclient0-3.5.3-3.7mdv2010.2.x86_64.rpm
80fe598f07d6b0c51f968bb53a493673
2010.1/x86_64/lib64smbclient0-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
75b40bd85d8888af79ee361a781db7eb
2010.1/x86_64/lib64smbclient0-static-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
52ba787499b18ad01c9934a9e389dac1
2010.1/x86_64/lib64smbsharemodes0-3.5.3-3.7mdv2010.2.x86_64.rpm
366dad10af9a0ceed23eb1cb234822f6
2010.1/x86_64/lib64smbsharemodes-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
008fb8eb148ff33c4d2f0a36fa3f3324
2010.1/x86_64/lib64wbclient0-3.5.3-3.7mdv2010.2.x86_64.rpm
05dfdc9e5388a90f2f14617ccf467381
2010.1/x86_64/lib64wbclient-devel-3.5.3-3.7mdv2010.2.x86_64.rpm
3944d4668b05654a5ed89285e6f8c251
2010.1/x86_64/mount-cifs-3.5.3-3.7mdv2010.2.x86_64.rpm
ff15dcc2b2d8327613b02a90bd41ca03
2010.1/x86_64/nss_wins-3.5.3-3.7mdv2010.2.x86_64.rpm
457e3a8f97623173cdf47851779da069
2010.1/x86_64/samba-client-3.5.3-3.7mdv2010.2.x86_64.rpm
ba7d42f765f2de80fc9e7fed0e334d5d
2010.1/x86_64/samba-common-3.5.3-3.7mdv2010.2.x86_64.rpm
0d6a4807149323466dadcdc90be15fa6
2010.1/x86_64/samba-doc-3.5.3-3.7mdv2010.2.x86_64.rpm
ffbd0b27ee05885492e7362b5d441e23
2010.1/x86_64/samba-domainjoin-gui-3.5.3-3.7mdv2010.2.x86_64.rpm
4252f909e0e7bfaa45e5937c34064746
2010.1/x86_64/samba-server-3.5.3-3.7mdv2010.2.x86_64.rpm
5d8902b8ae2b99f3190c7261e8be6699
2010.1/x86_64/samba-swat-3.5.3-3.7mdv2010.2.x86_64.rpm
2a3b36b89008ba74be1851bb0fe0490a
2010.1/x86_64/samba-winbind-3.5.3-3.7mdv2010.2.x86_64.rpm
ec8ac62146e687e9a342c602513256fc
2010.1/SRPMS/samba-3.5.3-3.7mdv2010.2.src.rpm
Mandriva Enterprise Server 5:
b406136551db81ea5c6a6fd52383b1db
mes5/i586/libnetapi0-3.3.12-0.10mdvmes5.2.i586.rpm
5d0e71b63b6742d854a64760ffef5a1e
mes5/i586/libnetapi-devel-3.3.12-0.10mdvmes5.2.i586.rpm
a1bce4873fbf03a0b3d9acb68b3b9928
mes5/i586/libsmbclient0-3.3.12-0.10mdvmes5.2.i586.rpm
3a4e098ba0d9d10aea27f16b0a88c547
mes5/i586/libsmbclient0-devel-3.3.12-0.10mdvmes5.2.i586.rpm
d82751d5e90726d2ca257ebd0edf37a8
mes5/i586/libsmbclient0-static-devel-3.3.12-0.10mdvmes5.2.i586.rpm
a736f31edc3007a78d6e1666cf506bcf
mes5/i586/libsmbsharemodes0-3.3.12-0.10mdvmes5.2.i586.rpm
3c84b6ebb689e7718d769869ba912578
mes5/i586/libsmbsharemodes-devel-3.3.12-0.10mdvmes5.2.i586.rpm
de165b4236a01ee6b0a35eafd809e7ad
mes5/i586/libtalloc1-3.3.12-0.10mdvmes5.2.i586.rpm
4f33d360e15006e8aed210e5b6650969
mes5/i586/libtalloc-devel-3.3.12-0.10mdvmes5.2.i586.rpm
d40ee305b6fc2b5ac78f4874de84f786
mes5/i586/libtdb1-3.3.12-0.10mdvmes5.2.i586.rpm
8a7ccd1fa68970696a40f5d889d78d02
mes5/i586/libtdb-devel-3.3.12-0.10mdvmes5.2.i586.rpm
48f738176a741af39161c82bed6050a2
mes5/i586/libwbclient0-3.3.12-0.10mdvmes5.2.i586.rpm
53490ef3ecd379720f720b823a4a0905
mes5/i586/libwbclient-devel-3.3.12-0.10mdvmes5.2.i586.rpm
264cd06bab6ad71a4930f42b53d754a9
mes5/i586/mount-cifs-3.3.12-0.10mdvmes5.2.i586.rpm
b15dd3af33a5a80389614a91ae45ad08
mes5/i586/nss_wins-3.3.12-0.10mdvmes5.2.i586.rpm
a410864fb10ddb0ea576181809d18df0
mes5/i586/samba-client-3.3.12-0.10mdvmes5.2.i586.rpm
80fd8d8167741ee7da3e885214c75775
mes5/i586/samba-common-3.3.12-0.10mdvmes5.2.i586.rpm
3db12da76a3dfc84f0fce71e62bbefcf
mes5/i586/samba-doc-3.3.12-0.10mdvmes5.2.i586.rpm
6b778b3bc55cca365c6fad57a9f877da
mes5/i586/samba-server-3.3.12-0.10mdvmes5.2.i586.rpm
3c493a7654d33cb2fab5595d3413f5e3
mes5/i586/samba-swat-3.3.12-0.10mdvmes5.2.i586.rpm
ecb7876de48598f822edb57f2d01083a
mes5/i586/samba-winbind-3.3.12-0.10mdvmes5.2.i586.rpm
3dad784fd91e4d11f827bcf637e38911
mes5/SRPMS/samba-3.3.12-0.10mdvmes5.2.src.rpm
Mandriva Enterprise Server 5/X86_64:
028b8b35fe265857c5660a48d0689f65
mes5/x86_64/lib64netapi0-3.3.12-0.10mdvmes5.2.x86_64.rpm
4e1e6ca82f91a16daba81ebad63c8ba1
mes5/x86_64/lib64netapi-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
b1687db7ef71fd55bd5dd8a806741435
mes5/x86_64/lib64smbclient0-3.3.12-0.10mdvmes5.2.x86_64.rpm
ada87ce49561ee2b1e53669a728ba9ab
mes5/x86_64/lib64smbclient0-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
805b0dcf72047da6670091ef5190d557
mes5/x86_64/lib64smbclient0-static-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
e7f423cd6dd382c59d6963fba9d2c3c9
mes5/x86_64/lib64smbsharemodes0-3.3.12-0.10mdvmes5.2.x86_64.rpm
e44daaa79d193ef689d5894b3bf9f528
mes5/x86_64/lib64smbsharemodes-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
38d8d2801c3fa0287c7244822073f23d
mes5/x86_64/lib64talloc1-3.3.12-0.10mdvmes5.2.x86_64.rpm
eae72bec1b9a6ff943c022513aab2fe5
mes5/x86_64/lib64talloc-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
2edaa04cd18eaae2cf91e94f38d0f6d0
mes5/x86_64/lib64tdb1-3.3.12-0.10mdvmes5.2.x86_64.rpm
4fab6b6ab1ec0e7fc2712c7af587088f
mes5/x86_64/lib64tdb-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
cdbbbf0d46c237e518253deecfc06bc0
mes5/x86_64/lib64wbclient0-3.3.12-0.10mdvmes5.2.x86_64.rpm
908ad56c3b28e6b987da13774b33f379
mes5/x86_64/lib64wbclient-devel-3.3.12-0.10mdvmes5.2.x86_64.rpm
659ebc87967d3726da307b153b266cb0
mes5/x86_64/mount-cifs-3.3.12-0.10mdvmes5.2.x86_64.rpm
3c7e95924dd842028077ab6b7a610d62
mes5/x86_64/nss_wins-3.3.12-0.10mdvmes5.2.x86_64.rpm
163c146f282956f761b1a6e5c7070d98
mes5/x86_64/samba-client-3.3.12-0.10mdvmes5.2.x86_64.rpm
c1245d240a135b2d1c6b97d3009ce01d
mes5/x86_64/samba-common-3.3.12-0.10mdvmes5.2.x86_64.rpm
e0d54e3ca8d92b1a8d661ac70d152186
mes5/x86_64/samba-doc-3.3.12-0.10mdvmes5.2.x86_64.rpm
f61cdc68213c9baef4bf6d71a46fe8d0
mes5/x86_64/samba-server-3.3.12-0.10mdvmes5.2.x86_64.rpm
94d10dfe6ee83aa026c75c87745107bf
mes5/x86_64/samba-swat-3.3.12-0.10mdvmes5.2.x86_64.rpm
cd984b4be2ecfc30144ff2d0a0d0c6d1
mes5/x86_64/samba-winbind-3.3.12-0.10mdvmes5.2.x86_64.rpm
3dad784fd91e4d11f827bcf637e38911
mes5/SRPMS/samba-3.3.12-0.10mdvmes5.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPo9/qmqjQ0CJFipgRAmPKAKDRZK/72FfLzVHDziK1FXk0cwAKgACgtUfK
qiVpzJ/OFQeZTT2t7moMp0Q=
=mhCS
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke