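Vulnerability Details
Samba Buffer Error Vulnerability
Vulnerability Summary
Samba is free software from the Samba Team that lets UNIX-family operating systems interoperate with the SMB/CIFS network protocol of Microsoft Windows. The software supports sharing printers, transferring files between systems, and more.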
Samba has a buffer error vulnerability. It stems from a boundary condition when mapping Windows group identifiers (SIDs) to Unix group identifiers (GIDs), which leads to negative idmap cache entries being created in the Samba server process token. The following products and versions are affected: Samba: 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.6.11, 3.6.12, 3.6.13, 3.6.14, 3.6.15, 3.6.16, 3.6.17, 3.6.18, 3.6.19, 3.6.20, 3.6.21, 3.6.22, 3.6.23, 3.6.24, 3.6.25, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.0.13, 4.0.14, 4.0.15, 4.0.16, 4.0.17, 4.0.18, 4.0.19, 4.0.20, 4.0.21, 4.0.22, 4.0.23, 4.0.24, 4.0.25, 4.0.26, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.15, 4.1.16, 4.1.17, 4.1.18, 4.1.19, 4.1.20, 4.1.21, 4.1.22, 4.1.23, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.8, 4.2.9, 4.2.10, 4.2.11, 4.2.12, 4.2.13, 4.2.14, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.12, 4.3.13, 4.4.0, 4.4.0 rc4, 4.4.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.14, 4.4.15, 4.4.16, 4.5.0, 4.5.1, 4.5.2, 4.5.3, 4.5.4, 4.5.5, 4.5.6, 4.5.7, 4.5.8, 4.5.9, 4.5.10, 4.5.11, 4.5.12, 4.5.13, 4.5.14, 4.5.15, 4.5.16, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.6, 4.6.7, 4.6.8, 4.6.9, 4.6.10, 4.6.11, 4.6.12, 4.6.13, 4.6.14, 4.6.15, 4.6.16, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.7.10, 4.7.11, 4.7.12, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.8.6, 4.8.7, 4.8.8, 4.8.9, 4.8.10, 4.8.11, 4.8.12, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 4.9.12, 4.9.13, 4.9.14, 4.9.15, 4.9.16, 4.9.17, 4.9.18, 4.10.0, 4.10.1, 4.10.2, 4.10.3, 4.10.4, 4.10.5, 4.10.6, 4.10.7, 4.10.8, 4.10.9, 4.10.10, 4.10.11, 4.10.12, 4.10.13, 4.10.14, 4.10.15, 4.10.16, 4.10.17, 4.10.18, 4.11.0, 4.11.1, 4.11.2, 4.11.3, 4.11.4, 4.11.5, 4.11.6, 4.11.7, 4.11.8, 4.11.9, 4.11.10, 4.11.11, 4.11.12, 4.11.13, 4.11.14, 4.11.15, 4.11.16, 4.11.17, 4.12.0, 4.12.1, 4.12.2, 4.12.3, 4.12.4, 4.12.5, 4.12.6, 4.12.7, 4.12.8, 4.12.9, 4.12.10, 4.12.11, 4.12.12, 4.12.13, 4.12.14, 4.13.0, 4.13.1, 4.13.2, 4.13.3, 4.13.4, 4.13.5, 4.13.6, 4.13.7, 4.14.0, 4.14.1, 4.14.2, 4.14.3.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes the vulnerability. Patch link:
https://bugzilla.redhat.com/show_bug.cgi?id=1949442
References
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/3EP2VJ73OVBPVSOSTVOMGIEQA3MWF6F7/
Source: MISC
Link: https://www.samba.org/samba/security/CVE-2021-20254.html
Source: MISC
Link: https://bugzilla.redhat.com/show_bug.cgi?id=1949442
Source: GENTOO
Link: https://security.gentoo.org/glsa/202105-22
Source: MISC
Link: https://security.netapp.com/advisory/ntap-20210430-0001/
Source: FEDORA
Link: https://lists.fedoraproject.org/archives/list/[email protected]/message/ZAF6L2M6CNAJ2YYYGXPWETTW5YLCWTVT/
Source: MLIST
Link: https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164406/Red-Hat-Security-Advisory-2021-3723-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164659/Red-Hat-Security-Advisory-2021-3988-01.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.4027
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1476
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3555
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1497
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021061810
Source: www.ibm.com
Link: https://www.ibm.com/blogs/psirt/security-bulletin-samba-for-ibm-i-is-affected-by-cve-2021-20254/
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021060941
Source: access.redhat.com
Link: https://access.redhat.com/security/cve/cve-2021-20254
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/164737/Red-Hat-Security-Advisory-2021-4058-01.html
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162798/Gentoo-Linux-Security-Advisory-202105-22.html
Source: nvd.nist.gov
Link: https://nvd.nist.gov/vuln/detail/CVE-2021-20254
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/162405/Ubuntu-Security-Notice-USN-4930-1.html
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1557
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021110317
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.1852
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3656
Source: packetstormsecurity.com
Link: https://packetstormsecurity.com/files/163024/Red-Hat-Security-Advisory-2021-2313-01.html
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021042916
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3187
Source: vigilance.fr
Link: https://vigilance.fr/vulnerability/Samba-privilege-escalation-35207
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.2031
Source: www.auscert.org.au
Link: https://www.auscert.org.au/bulletins/ESB-2021.3303
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021100616
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021061425
Source: www.cybersecurity-help.cz
Link: https://www.cybersecurity-help.cz/vdb/SB2021052619
Affected Entities
None listed
Patches
- Fix for the Samba buffer error vulnerability<!--2021-4-29-->