Vulnerability Bulletins |
Multiple vulnerabilities in Samba |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Denial of Service |
Difficulty | Expert |
Attacker requirements | Remote access with account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux |
Affected software | Samba 3.x < 3.4.2 |
Description |
|
Multiple vulnerabilities have been discovered in Samba. They are described below:
- CVE-2009-2948: The vulnerability lies in a permissions error in "mount.cifs". A local attacker could obtain the credentials of a Samba share stored in a file by using the "-v" option.
- CVE-2009-2906: The vulnerability lies in the smbd daemon. A remote attacker could cause a denial of service by means of an oplock response packet sent at an unexpected time.
- CVE-2009-2813: The vulnerability lies in an error in path resolution. A remote attacker could bypass access restrictions and access or create arbitrary files. |
|
Solution |
|
Software update
Debian (DSA-1908-1): Debian Linux 5.0
Suse Linux: Updates can be downloaded through YAST or from the official Suse Linux FTP server.
Red Hat (RHSA-2009:1528-1): Red Hat Desktop (v. 3), Red Hat Enterprise Linux AS (v. 3), Red Hat Enterprise Linux ES (v. 3), Red Hat Enterprise Linux WS (v. 3). https://rhn.redhat.com/
Red Hat (RHSA-2009:1529-1): Red Hat Desktop (v. 4), Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux AS (v. 4), Red Hat Enterprise Linux AS (v. 4.8.z), Red Hat Enterprise Linux Desktop (v. 5 client), Red Hat Enterprise Linux ES (v. 4), Red Hat Enterprise Linux ES (v. 4.8.z), Red Hat Enterprise Linux EUS (v. 5.4.z server), Red Hat Enterprise Linux WS (v. 4).
Sun (271069): Solaris 10 / SPARC / patch 119757-17, Solaris 10 / x86 / patch 119758-17, OpenSolaris / based upon builds snv_127 or later. http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage
Red Hat (RHSA-2009:1585-1): RHEL Desktop Supplementary (v. 5 client), RHEL Supplementary (v. 5 server), RHEL Supplementary EUS (v. 5.4.z server). https://rhn.redhat.com/
Hewlett-Packard (HPSBUX02479): Install third-party updates. |
|
Standard identifiers |
|
Property | Value |
CVE | CVE-2009-2948 CVE-2009-2906 CVE-2009-2813 |
BID | |
Additional resources |
|
Debian Security Advisory (DSA-1908-1): http://lists.debian.org/debian-security-announce/2009/msg00230.html
SUSE Security Advisory (SUSE-SR:2009:017): http://www.novell.com/linux/security/advisories/2009_17_sr.html
Red Hat Security Advisory (RHSA-2009:1528-1): https://rhn.redhat.com/errata/RHSA-2009-1528.html
Red Hat Security Advisory (RHSA-2009:1529-1): https://rhn.redhat.com/errata/RHSA-2009-1529.html
Sun Alert Notification (271069): http://sunsolve.sun.com/search/document.do?assetkey=1-66-271069-1
Red Hat Security Advisory (RHSA-2009:1585-1): https://rhn.redhat.com/errata/RHSA-2009-1585.html
HP SECURITY BULLETIN (HPSBUX02479): https://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01940841 |
Version history |
||
Version | Comment | Date |
1.0 | Advisory issued | 2009-10-23 |
1.1 | Advisory issued by Suse (SUSE-SR:2009:017), advisory issued by Red Hat (RHSA-2009:1528-1), advisory issued by Red Hat (RHSA-2009:1529-1) | 2009-11-03 |
1.2 | Advisory issued by Sun (271069) | 2009-11-23 |
1.3 | Advisory issued by Red Hat (RHSA-2009:1585-1) | 2009-11-24 |
1.4 | Advisory issued by HP (HPSBUX02479) | 2010-01-28 |