Vulnerability Bulletins |
Vulnerabilidad en las versiones anteriores a la 3.0.2 del servidor Samba |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Avanzado |
| Required attacker level | Acceso remoto sin cuenta a un servicio exotico |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | Samba <3.0.2 |
Description |
|
|
Se ha descubierto una vulnerabilidad en las versiones anteriores a la 3.0.2 del servidor Samba para Linux/Unix. La vulnerabilidad reside en el script mksmbpassword. Si una cuenta es creada pero marcada como desactivada utilizando el script mencionado Samba sobrescribirá el password del usuario con el contenido de un buffer no inicializado. Esto podría permitir a un atacante remoto activar una cuenta desactivada ya que el password podría ser adivinado fácilmente por el atacante. |
|
Solution |
|
|
Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo. Actualización de software Samba 3.0.2 http://download.samba.org/samba/ftp/ Red Hat Red Hat Desktop (v. 3) AMD64 samba-3.0.2-6.3E.x86_64.rpm samba-client-3.0.2-6.3E.x86_64.rpm samba-common-3.0.2-6.3E.x86_64.rpm samba-swat-3.0.2-6.3E.x86_64.rpm SRPMS samba-3.0.2-6.3E.src.rpm i386 samba-3.0.2-6.3E.i386.rpm samba-client-3.0.2-6.3E.i386.rpm samba-common-3.0.2-6.3E.i386.rpm samba-swat-3.0.2-6.3E.i386.rpm samba-3.0.2-6.3E.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 samba-3.0.2-6.3E.x86_64.rpm samba-client-3.0.2-6.3E.x86_64.rpm samba-common-3.0.2-6.3E.x86_64.rpm samba-swat-3.0.2-6.3E.x86_64.rpm SRPMS samba-3.0.2-6.3E.src.rpm i386 samba-3.0.2-6.3E.i386.rpm samba-client-3.0.2-6.3E.i386.rpm samba-common-3.0.2-6.3E.i386.rpm samba-swat-3.0.2-6.3E.i386.rpm samba-3.0.2-6.3E.i386.rpm ia64 samba-3.0.2-6.3E.ia64.rpm samba-client-3.0.2-6.3E.ia64.rpm samba-common-3.0.2-6.3E.ia64.rpm samba-swat-3.0.2-6.3E.ia64.rpm ppc samba-3.0.2-6.3E.ppc.rpm samba-client-3.0.2-6.3E.ppc.rpm samba-common-3.0.2-6.3E.ppc.rpm samba-swat-3.0.2-6.3E.ppc.rpm ppc64 samba-3.0.2-6.3E.ppc64.rpm s390 samba-3.0.2-6.3E.s390.rpm samba-client-3.0.2-6.3E.s390.rpm samba-common-3.0.2-6.3E.s390.rpm samba-swat-3.0.2-6.3E.s390.rpm samba-3.0.2-6.3E.s390.rpm s390x samba-3.0.2-6.3E.s390x.rpm samba-client-3.0.2-6.3E.s390x.rpm samba-common-3.0.2-6.3E.s390x.rpm samba-swat-3.0.2-6.3E.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 samba-3.0.2-6.3E.x86_64.rpm samba-client-3.0.2-6.3E.x86_64.rpm samba-common-3.0.2-6.3E.x86_64.rpm samba-swat-3.0.2-6.3E.x86_64.rpm SRPMS samba-3.0.2-6.3E.src.rpm i386 samba-3.0.2-6.3E.i386.rpm samba-client-3.0.2-6.3E.i386.rpm samba-common-3.0.2-6.3E.i386.rpm samba-swat-3.0.2-6.3E.i386.rpm samba-3.0.2-6.3E.i386.rpm ia64 samba-3.0.2-6.3E.ia64.rpm samba-client-3.0.2-6.3E.ia64.rpm samba-common-3.0.2-6.3E.ia64.rpm samba-swat-3.0.2-6.3E.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64: samba-3.0.2-6.3E.x86_64.rpm samba-client-3.0.2-6.3E.x86_64.rpm samba-common-3.0.2-6.3E.x86_64.rpm samba-swat-3.0.2-6.3E.x86_64.rpm SRPMS samba-3.0.2-6.3E.src.rpm i386 samba-3.0.2-6.3E.i386.rpm samba-client-3.0.2-6.3E.i386.rpm samba-common-3.0.2-6.3E.i386.rpm samba-swat-3.0.2-6.3E.i386.rpm samba-3.0.2-6.3E.i386.rpm ia64 samba-3.0.2-6.3E.ia64.rpm samba-client-3.0.2-6.3E.ia64.rpm samba-common-3.0.2-6.3E.ia64.rpm samba-swat-3.0.2-6.3E.ia64.rpm https://rhn.redhat.com/ |
|
Standar resources |
|
| Property | Value |
| CVE | CAN-2004-0082 |
| BID | |
Other resources |
|
|
Samba document concerning the release of Samba 3.0.2 http://samba.org/samba/whatsnew/samba-3.0.2.html Red Hat Security Advisory RHSA-2004:064-11 https://rhn.redhat.com/errata/RHSA-2004-064.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2004-02-12 |
| 1.1 | Aviso emitido por Red Hat (RHSA-2004:064-11) | 2004-05-24 |