Lucene search
RootSSV:4511HistoryNov 30, 2008 - 12:00 a.m.
Samba smbd远程信息泄露漏洞
2008-11-3000:00:00
Root
www.seebug.org
14
0.048 Low
EPSS
Percentile
91.9%
BUGTRAQ ID: 32494
CVE(CAN) ID: CVE-2008-4314
Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
Samba在处理trans、trans2和nttrans请求时存在边界条件错误。这些请求用于在客户端和服务器之间传输任意数量的内存,包含有两个偏移:偏移A指向客户端所发送的PDU,偏移B将传输的内存引导到服务端上的缓冲区。由于在偏移A中的一个剪切错误,导致远程攻击者可以通过发送特制的请求泄露受限制的smbd进程内存。
Samba 3.0.29 - 3.2.4
Samba
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch” target=“_blank”>http://www.samba.org/samba/ftp/patches/security/samba-3.0.32-CVE-2008-4314.patch</a>
Related
openvas
openvas
Ubuntu Update for samba vulnerability USN-680-1
2009-03-23 00:00:00
Gentoo Security Advisory GLSA 200903-07 (samba)
2009-03-13 00:00:00
Samba Arbitrary Memory Contents Information Disclosure Vulnerability
2009-11-04 00:00:00
nessus
nessus
prion
prion
Design/Logic Flaw
2008-12-01 15:30:00
fedora
fedora
[SECURITY] Fedora 10 Update: samba-3.2.5-0.23.fc10
2008-12-03 01:22:54
[SECURITY] Fedora 10 Update: samba-3.2.7-0.25.fc10
2009-01-07 09:25:20
[SECURITY] Fedora 9 Update: samba-3.2.5-0.22.fc9
2008-12-03 01:12:41
securityvulns
securityvulns
[USN-680-1] Samba vulnerability
2008-11-27 00:00:00
SAMBA information disclosure
2008-11-27 00:00:00
cve
cve
CVE-2008-4314
2008-12-01 15:30:00
freebsd
freebsd
samba -- potential leakage of arbitrary memory contents
2008-11-27 00:00:00
debiancve
debiancve
CVE-2008-4314
2008-12-01 15:30:00
ubuntu
ubuntu
Samba vulnerability
2008-11-27 00:00:00
slackware
slackware
[slackware-security] samba
2008-11-29 02:14:34
ubuntucve
ubuntucve
CVE-2008-4314
2008-12-01 00:00:00
gentoo
gentoo
Samba: Data disclosure
2009-03-07 00:00:00
samba
samba
Potential leak of arbitrary memory contents
2008-11-27 00:00:00