Lucene search
RootSSV:12452HistoryOct 12, 2009 - 12:00 a.m.
Samba setuid mount.cifs信息泄露漏洞
2009-10-1200:00:00
Root
www.seebug.org
17
0.001 Low
EPSS
Percentile
26.1%
BUGTRAQ ID: 36572
CVE ID: CVE-2009-2948
Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
mount.cifs程序允许用户通过不同的方式传送凭据文件的名称或包含有口令的文件。如果安装为setuid程序,mount.cifs没有判断试图访问该文件的用户是否拥有root用户权限。远程攻击者可以通过使用–verbose或-v选项,向mount.cifs传送凭据文件,然后读取所传送口令的第一行。
Samba Samba 3.4
Samba Samba 3.3
Samba Samba 3.2
Samba Samba 3.0
临时解决方法:
-
清除mount.cifs的setuid位:
chmod u-s /sbin/mount.cifs
厂商补丁:
Samba
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.samba.org/samba/ftp/stable/samba-3.0.37.tar.gz
http://www.samba.org/samba/ftp/stable/samba-3.2.15.tar.gz
http://www.samba.org/samba/ftp/stable/samba-3.3.8.tar.gz
http://www.samba.org/samba/ftp/stable/samba-3.4.2.tar.gz
Related
ubuntucve
ubuntucve
CVE-2009-2948
2009-10-07 00:00:00
prion
prion
Path traversal
2009-10-07 18:30:00
veracode
veracode
Information Disclosure
2020-04-10 00:39:58
samba
samba
Information disclosure by setuid mount.cifs
2009-10-01 00:00:00
debiancve
debiancve
CVE-2009-2948
2009-10-07 18:30:00
cve
cve
CVE-2009-2948
2009-10-07 18:30:00
nessus
nessus
SuSE 10 Security Update : Samba (ZYPP Patch Number 6518)
2009-10-23 00:00:00
Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / current : samba (SSA:2009-276-01)
2011-05-28 00:00:00
Fedora 10 : samba-3.2.15-0.36.fc10 (2009-10172)
2009-10-05 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities
2009-10-14 00:00:00
Samba multiple security vulnerabilities
2009-10-14 00:00:00
slackware
slackware
samba
2009-10-04 00:01:26
debian
debian
[SECURITY] [DSA 1908-1] New samba packages fix several vulnerabilities
2009-10-14 02:05:13
openvas
openvas
SLES9: Security update for Samba
2009-10-27 00:00:00
Debian: Security Advisory (DSA-1908-1)
2009-10-19 00:00:00
Slackware: Security Advisory (SSA:2009-276-01)
2012-09-10 00:00:00
osv
osv
samba - several vulnerabilities
2009-10-14 00:00:00
fedora
fedora
[SECURITY] Fedora 11 Update: samba-3.4.2-0.42.fc11
2009-10-03 18:59:38
[SECURITY] Fedora 11 Update: samba-3.4.5-0.47.fc11
2010-01-29 03:24:41
[SECURITY] Fedora 11 Update: samba-3.4.7-0.50.fc11
2010-03-10 06:46:46
altlinux
altlinux
Security fix for the ALT Linux 5 package samba version 3.0.37-alt1
2009-10-01 00:00:00
Security fix for the ALT Linux 6 package samba version 3.0.37-alt1
2009-10-01 00:00:00
oraclelinux
oraclelinux
samba security update
2009-10-27 00:00:00
redhat
redhat
(RHSA-2009:1529) Moderate: samba security update
2009-10-27 00:00:00
(RHSA-2009:1585) Moderate: samba3x security and bug fix update
2009-11-16 00:00:00
centos
centos
samba security update
2009-10-27 19:23:21
vmware
vmware
ESX Service Console updates for samba and acpid
2010-04-01 00:00:00
ESX Service Console updates for samba and acpid
2010-04-01 00:00:00
ubuntu
ubuntu
Samba vulnerabilities
2009-10-01 00:00:00
gentoo
gentoo
Samba: Multiple vulnerabilities
2012-06-24 00:00:00