Lucene search
RootSSV:4626HistoryJan 06, 2009 - 12:00 a.m.
Samba注册表共享名非授权访问漏洞
2009-01-0600:00:00
Root
www.seebug.org
10
0.842 High
EPSS
Percentile
98.2%
BUGTRAQ ID: 33118
CVE(CAN) ID: CVE-2009-0022
Samba是一套实现SMB(Server Messages Block)协议、跨平台进行文件共享和打印共享服务的程序。
启用了注册表共享的Samba没有正确地验证共享名,通过认证的攻击者可以通过使用较老版本的smbclient并指定空字符串为共享名(如smbclient //server/ -U user%pass)来访问root文件系统。
Samba 3.2.0 - 3.2.6
临时解决方法:
- 通过registry shares = no禁用注册表共享。
厂商补丁:
Samba
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.samba.org/samba/security/” target=“_blank”>http://www.samba.org/samba/security/</a>
Related
checkpoint_advisories
checkpoint_advisories
Samba Root File System Access Security Bypass (CVE-2009-0022)
2014-05-07 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:042 (samba)
2009-02-23 00:00:00
Samba Root File System Access Security Vulnerability
2009-01-09 00:00:00
Ubuntu: Security Advisory (USN-702-1)
2009-01-07 00:00:00
debiancve
debiancve
CVE-2009-0022
2009-01-05 20:30:00
nessus
nessus
Ubuntu 8.10 : samba vulnerability (USN-702-1)
2009-04-23 00:00:00
Fedora 9 : samba-3.2.7-0.23.fc9 (2009-0268)
2009-01-16 00:00:00
Fedora 10 : samba-3.2.7-0.25.fc10 (2009-0160)
2009-04-23 00:00:00
securityvulns
securityvulns
[USN-702-1] Samba vulnerability
2009-01-06 00:00:00
Samba directory traversal
2009-01-06 00:00:00
ubuntucve
ubuntucve
CVE-2009-0022
2009-01-05 00:00:00
prion
prion
Cross site request forgery (csrf)
2009-01-05 20:30:00
ubuntu
ubuntu
Samba vulnerability
2009-01-05 00:00:00
cve
cve
CVE-2009-0022
2009-01-05 20:30:00
slackware
slackware
samba
2009-01-05 13:53:53
samba
samba
Potential access to "/" in setups with
2009-01-05 00:00:00
fedora
fedora
[SECURITY] Fedora 10 Update: samba-3.2.7-0.25.fc10
2009-01-07 09:25:20
[SECURITY] Fedora 9 Update: samba-3.2.7-0.23.fc9
2009-01-07 21:50:31
[SECURITY] Fedora 10 Update: samba-3.2.15-0.36.fc10
2009-10-03 18:57:48