Samba hit by multiple high-severity vulnerabilities again, a large number of versions affected: CVE-2017-12150 man-in-the-middle security bypass

Every round of Samba vulnerabilities brings a fair amount of trouble, and last week Samba disclosed three more. The first is a design flaw, CVE-2017-12150, a man-in-the-middle security bypass: in several situations Samba's SMB1/2/3 connections do not require SMB signing where they should, so an attacker positioned between client and server can downgrade or disable signing, bypass the intended security restriction and perform unauthorized actions, which can in turn enable further attacks. A very large number of versions are affected.

The second, CVE-2017-12151, affects SMB3 connections: when a client following a DFS redirect is sent to another server, the redirected connection is made without the encryption that was in force on the original connection, so a man in the middle can read, and possibly modify, confidential files transferred over that client connection.

At the same time, Anquanjia (安全加) also saw a third vulnerability, CVE-2017-12163, a server memory information leak over SMB1: a client with write access to a share can cause the contents of server memory to be written into a file on the share or sent to a shared printer. All three issues are fixed in Samba 4.6.8, 4.5.14 and 4.4.16; please update as soon as possible.
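The signing and encryption downgrades described above are easier when smb.conf leaves signing and encryption at Samba's defaults, which on a plain file server do not make either mandatory. The following is an added example, not code from Samba or from the original article: a small audit of the [global] section that reports the options a practitioner would want enforced while the patches are being rolled out. The option names (server signing, client signing, smb encrypt, client min protocol, server min protocol) are real smb.conf parameters; the two sample configurations are constructed for this example, and the audit assumes a file server rather than an AD DC.

```python
"""Audit a Samba smb.conf [global] section for signing/encryption hardening.

Added example (not Samba's or the article's code). Constructed sample
configurations are embedded below; the audit assumes a plain file server,
where Samba's defaults do not require signing or encryption.
"""
import re

# Protocol values that rule out SMB1 (Samba accepts these spellings for
# "client/server min protocol"; SMB2 and SMB3 are shorthands for sub-dialects).
_NO_SMB1 = {"smb2", "smb2_02", "smb2_10", "smb2_22", "smb2_24",
            "smb3", "smb3_00", "smb3_02", "smb3_10", "smb3_11"}

# option -> (values that count as hardened, suggested setting)
CHECKS = {
    "server signing": ({"mandatory"}, "server signing = mandatory"),
    "client signing": ({"mandatory"}, "client signing = mandatory"),
    "smb encrypt": ({"required", "mandatory"}, "smb encrypt = required"),
    "client min protocol": (_NO_SMB1, "client min protocol = SMB2_02"),
    "server min protocol": (_NO_SMB1, "server min protocol = SMB2_02"),
}


def parse_smb_conf(text):
    """Minimal smb.conf parser: {section: {key: value}}.

    Section names and keys are lower-cased and internal whitespace is
    collapsed, matching how Samba's loadparm treats them. Whole-line
    comments start with '#' or ';'; smb.conf has no inline comments.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        sections[current][" ".join(key.split()).lower()] = value.strip()
    return sections


def audit_global(text):
    """Return [(option, finding)] for every check that is not hardened."""
    glob = parse_smb_conf(text).get("global", {})
    findings = []
    for option, (ok_values, fix) in CHECKS.items():
        value = glob.get(option)
        if value is None:
            findings.append((option, f"not set; the default does not enforce it. Add '{fix}'"))
        elif value.lower() not in ok_values:
            findings.append((option, f"set to '{value}'; change to '{fix}'"))
    return findings


# Constructed sample: a typical pre-patch file-server configuration.
WEAK_CONF = """
[global]
   workgroup = EXAMPLE
   server string = file server
   server signing = auto
   smb encrypt = off

[share]
   path = /srv/share
   read only = no
"""

# Constructed sample: the same server with the mitigations applied
# (mixed case and doubled spaces are deliberate; Samba accepts them).
HARDENED_CONF = """
[global]
   workgroup = EXAMPLE
   Server Signing = mandatory
   client  signing = MANDATORY
   smb encrypt = required
   client min protocol = SMB2_02
   server min protocol = SMB2_02

[share]
   path = /srv/share
   read only = no
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{name}: {len(audit_global(conf))} finding(s)")
        for option, finding in audit_global(conf):
            print(f"  {option}: {finding}")
```

Note that `smb encrypt = required` only takes effect on SMB3 connections (or SMB1 with Samba's UNIX extensions), so raising the minimum protocol and requiring encryption go together; set the minimum to SMB3 only if no SMB2-only clients or servers remain. Run `testparm -s` after editing to confirm Samba parses the file the same way.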

The patch table, as published:

Date Issued | Download | Known Issue(s) | Affected Releases | CVE ID # | Details
20 Sep 2017 | patch for Samba 4.6.7; patch for Samba 4.5.13; patch for Samba 4.4.15 | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2017-12150, CVE-2017-12151, CVE-2017-12163 | Announcement (one per CVE)

Samba CVE-2017-12150 man-in-the-middle security bypass vulnerability

SecurityFocus assessment

Samba is prone to a security-bypass vulnerability. Successfully exploiting this issue may allow an attacker to bypass security restrictions and perform unauthorized actions by conducting a man-in-the-middle attack; this may aid in further attacks.

Affected versions:
Samba 3.0.25 through 4.4.15
All 4.5.x versions before 4.5.14
All 4.6.x versions before 4.6.8
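A version check against the three affected ranges above is the first thing to run over an inventory of `smbd -V` output. The following is an added example, not code from Samba or SecurityFocus: it parses the version string, drops distribution suffixes such as "-Debian", and decides per release branch using the fixed versions the advisory names. The rule that branches newer than 4.6 (4.7.0 and later, released after these fixes) are treated as not affected is an assumption of this example, as is the set of sample strings, which is constructed.

```python
"""Check Samba version strings against the CVE-2017-12150 affected ranges.

Added example (not Samba's or SecurityFocus's code). Ranges from the
advisory: 3.0.25 through 4.4.15, 4.5.x before 4.5.14, 4.6.x before 4.6.8.
Assumption: branches newer than 4.6 shipped after the fix and are not
affected. Sample 'smbd -V' outputs below are constructed.
"""
import re

FIRST_AFFECTED = (3, 0, 25)
# release branch -> first fixed version in that branch
FIXED_IN = {(4, 4): (4, 4, 16), (4, 5): (4, 5, 14), (4, 6): (4, 6, 8)}


def parse_samba_version(text):
    """Return (major, minor, patch) from 'smbd -V' style output such as
    'Version 4.5.13-Debian' or a bare '4.6.7'. Distro suffixes are ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version, first_affected=FIRST_AFFECTED, fixed_in=FIXED_IN):
    """True if the upstream version falls inside the advisory's affected ranges.

    Works for any advisory expressed as a first affected version plus
    per-branch fixed versions; the defaults are CVE-2017-12150's.
    """
    v = parse_samba_version(version) if isinstance(version, str) else tuple(version)
    if v < first_affected:
        return False
    branch = v[:2]
    if branch in fixed_in:
        return v < fixed_in[branch]
    # Branches older than the oldest fixed branch never received a fix;
    # branches newer than it shipped after the fix (assumption, see above).
    return branch < min(fixed_in)


# Constructed sample inventory: host -> output of 'smbd -V'
SAMPLE_INVENTORY = {
    "fs01": "Version 4.5.13-Debian",
    "fs02": "Version 4.6.8",
    "fs03": "Version 4.4.16",
    "nas-old": "Version 3.6.25",
    "fs-new": "Version 4.7.0",
}


def affected_hosts(inventory):
    """Return the sorted host names whose reported version is affected."""
    return sorted(h for h, out in inventory.items() if is_affected(out))


if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is in the affected range")
```

The check is only as good as the version string: distribution vendors (Red Hat appears in the list below, for instance) routinely backport security fixes without changing the upstream version, so a host reporting 4.6.7 with the vendor's patched package is a false positive here. Confirm against the vendor's advisory or the package changelog before declaring a host vulnerable, and treat every end-of-life branch (4.3 and earlier) as unfixable rather than merely unpatched.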

Bugtraq ID: 100918
Class: Design Error
CVE: CVE-2017-12150
Remote: Yes
Local: No
Published: Sep 20 2017 12:00AM
Updated: Sep 20 2017 12:00AM
Credit: Stefan Metzmacher
Vulnerable: Samba Samba 4.6.7 
Samba Samba 4.6.6 
Samba Samba 4.6.4 
Samba Samba 4.6.1 
Samba Samba 4.6 
Samba Samba 4.5.13 
Samba Samba 4.5.12 
Samba Samba 4.5.10 
Samba Samba 4.5.7 
Samba Samba 4.5.6 
Samba Samba 4.5.5 
Samba Samba 4.5.4 
Samba Samba 4.5.1 
Samba Samba 4.5 
Samba Samba 4.4.15 
Samba Samba 4.4.14 
Samba Samba 4.4.12 
Samba Samba 4.4.11 
Samba Samba 4.4.10 
Samba Samba 4.4.9 
Samba Samba 4.4.7 
Samba Samba 4.4.6 
Samba Samba 4.4.1 
Samba Samba 4.4 
Samba Samba 4.3.7 
Samba Samba 4.3.5 
Samba Samba 4.3.4 
Samba Samba 4.3.3 
Samba Samba 4.3.2 
Samba Samba 4.3.1 
Samba Samba 4.3 
Samba Samba 4.2.10 
Samba Samba 4.2.8 
Samba Samba 4.2.7 
Samba Samba 4.2.6 
Samba Samba 4.2.5 
Samba Samba 4.2.4 
Samba Samba 4.2.3 
Samba Samba 4.2.2 
Samba Samba 4.2.1 
Samba Samba 4.2 
Samba Samba 4.1.22 
Samba Samba 4.1.21 
Samba Samba 4.1.20 
Samba Samba 4.1.19 
Samba Samba 4.1.18 
Samba Samba 4.1.17 
Samba Samba 4.1.16 
Samba Samba 4.1.15 
Samba Samba 4.1.14 
Samba Samba 4.1.13 
Samba Samba 4.1.10 
Samba Samba 4.1.9 
Samba Samba 4.1.7 
Samba Samba 4.1.3 
Samba Samba 4.1.2 
Samba Samba 4.1.1 
Samba Samba 4.1 
Samba Samba 4.0.24 
Samba Samba 4.0.23 
Samba Samba 4.0.21 
Samba Samba 4.0.20 
Samba Samba 4.0.19 
Samba Samba 4.0.18 
Samba Samba 4.0.17 
Samba Samba 4.0.13 
Samba Samba 4.0.12 
Samba Samba 4.0.10 
Samba Samba 4.0.2 
Samba Samba 3.6.24 
Samba Samba 3.6.23 
Samba Samba 3.6.22 
Samba Samba 3.6.21 
Samba Samba 3.6.20 
Samba Samba 3.6.19 
Samba Samba 3.6.12 
Samba Samba 3.6.4 
Samba Samba 3.6.3 
Samba Samba 3.6.2 
Samba Samba 3.6.1 
Samba Samba 3.6 
Samba Samba 3.5.22 
Samba Samba 3.5.21 
Samba Samba 3.5.16 
Samba Samba 3.5.9 
Samba Samba 3.5.8 
Samba Samba 3.5.2 
Samba Samba 3.5.1 
Samba Samba 3.5 
Samba Samba 3.4.15 
Samba Samba 3.4.14 
Samba Samba 3.4.13 
Samba Samba 3.4.12 
Samba Samba 3.4.11 
Samba Samba 3.4.10 
Samba Samba 3.4.8 
Samba Samba 3.4.7 
Samba Samba 3.4.6 
Samba Samba 3.4.5 
Samba Samba 3.4.2 
Samba Samba 3.4.1 
Samba Samba 3.4 
Samba Samba 3.3.16 
Samba Samba 3.3.15 
Samba Samba 3.3.14 
Samba Samba 3.3.13 
Samba Samba 3.3.12 
Samba Samba 3.3.11 
Samba Samba 3.3.10 
Samba Samba 3.3.9 
Samba Samba 3.3.8 
Samba Samba 3.3.7 
Samba Samba 3.3.6 
Samba Samba 3.3.5 
Samba Samba 3.3.4 
Samba Samba 3.3.3 
Samba Samba 3.3.1 
Samba Samba 3.3 
Samba Samba 3.2.15 
Samba Samba 3.2.14 
Samba Samba 3.2.13 
Samba Samba 3.2.12 
Samba Samba 3.2.11 
Samba Samba 3.2.10 
Samba Samba 3.2.7 
Samba Samba 3.2.6 
Samba Samba 3.2.5 
Samba Samba 3.2.4 
Samba Samba 3.2.3 
Samba Samba 3.2.2 
Samba Samba 3.2.1 
Samba Samba 3.2 
Samba Samba 3.0.37 
Samba Samba 3.0.36 
Samba Samba 3.0.35 
Samba Samba 3.0.34 
Samba Samba 3.0.33 
Samba Samba 3.0.32 
Samba Samba 3.0.31 
Samba Samba 3.0.30 
Samba Samba 3.0.29 
Samba Samba 3.0.28 
Samba Samba 3.0.27 
Samba Samba 3.0.26 
Samba Samba 3.0.25 
Samba Samba 4.5.3
Samba Samba 4.5.2
Samba Samba 4.4.8
Samba Samba 4.4.5
Samba Samba 4.4.4
Samba Samba 4.4.3
Samba Samba 4.4.2
Samba Samba 4.3.9
Samba Samba 4.3.8
Samba Samba 4.3.6
Samba Samba 4.3.13
Samba Samba 4.3.11
Samba Samba 4.3.10
Samba Samba 4.2.9
+ Trustix Secure Linux 2.0 
+ Trustix Secure Linux 1.5 
Samba Samba 4.2.14
Samba Samba 4.2.13
Samba Samba 4.2.12
Samba Samba 4.2.11
Samba Samba 4.1.8
Samba Samba 4.1.6
Samba Samba 4.1.5
Samba Samba 4.1.4
Samba Samba 4.1.23
+ Trustix Secure Linux 2.0 
+ Trustix Secure Linux 1.5 
Samba Samba 4.1.11
Samba Samba 4.0.9
Samba Samba 4.0.8
Samba Samba 4.0.7
Samba Samba 4.0.6
Samba Samba 4.0.5
Samba Samba 4.0.4
Samba Samba 4.0.3
Samba Samba 4.0.22
Samba Samba 4.0.16
Samba Samba 4.0.15
Samba Samba 4.0.14
Samba Samba 4.0.11
Samba Samba 4.0.1
Samba Samba 4.0.0
Samba Samba 3.6.9
Samba Samba 3.6.8
Samba Samba 3.6.7
Samba Samba 3.6.6
Samba Samba 3.6.5
Samba Samba 3.6.18
Samba Samba 3.6.17
Samba Samba 3.6.16
Samba Samba 3.6.15
Samba Samba 3.6.14
Samba Samba 3.6.13
Samba Samba 3.6.11
Samba Samba 3.6.10
Samba Samba 3.5.7
Samba Samba 3.5.6
Samba Samba 3.5.5
Samba Samba 3.5.4
Samba Samba 3.5.3
Samba Samba 3.5.20
Samba Samba 3.5.19
Samba Samba 3.5.18
Samba Samba 3.5.17
Samba Samba 3.5.15
Samba Samba 3.5.14
Samba Samba 3.5.12
Samba Samba 3.5.11
Samba Samba 3.5.10
Samba Samba 3.5
Samba Samba 3.4.9
Samba Samba 3.4.4
Samba Samba 3.4.3
Samba Samba 3.4.17
Samba Samba 3.4.16
Samba Samba 3.3.2
Samba Samba 3.2.9
Samba Samba 3.2.8
Samba Samba 3.1.0
Samba Samba 3.1
Redhat Gluster Storage 3.0
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0 
+ Trustix Secure Linux 2.2 
+ Trustix Secure Linux 2.1 
+ Trustix Secure Linux 2.0 
 
Not Vulnerable: Samba Samba 4.6.8 
Samba Samba 4.5.14 
Samba Samba 4.4.16 

 

Samba CVE-2017-12163 server memory information leak over SMB1

SecurityFocus assessment

Samba is prone to an information-disclosure vulnerability over SMB1. A client with write access to a share can cause the contents of server memory to be written into a file on the Samba share or sent to a shared printer, which may aid in further attacks. This issue is fixed in Samba 4.6.8, 4.5.14 and 4.4.16; please update as soon as possible.

Bugtraq ID: 100925
Class: Design Error
CVE: CVE-2017-12163
Remote: Yes
Local: No
Published: Sep 20 2017 12:00AM
Updated: Sep 20 2017 12:00AM
Credit: Yihan Lian and Zhibin Hu from Qihoo 360 GearTeam.
Vulnerable: Samba Samba 4.6.7 
Samba Samba 4.6.6 
Samba Samba 4.6.4 
Samba Samba 4.6.1 
Samba Samba 4.6 
Samba Samba 4.5.13 
Samba Samba 4.5.12 
Samba Samba 4.5.10 
Samba Samba 4.5.7 
Samba Samba 4.5.6 
Samba Samba 4.5.5 
Samba Samba 4.5.4 
Samba Samba 4.5.1 
Samba Samba 4.5 
Samba Samba 4.4.15 
Samba Samba 4.4.14 
Samba Samba 4.4.12 
Samba Samba 4.4.11 
Samba Samba 4.4.10 
Samba Samba 4.4.9 
Samba Samba 4.4.7 
Samba Samba 4.4.6 
Samba Samba 4.4.1 
Samba Samba 4.4 
Samba Samba 4.3.7 
Samba Samba 4.3.5 
Samba Samba 4.3.4 
Samba Samba 4.3.3 
Samba Samba 4.3.2 
Samba Samba 4.3.1 
Samba Samba 4.3 
Samba Samba 4.2.10 
Samba Samba 4.2.8 
Samba Samba 4.2.7 
Samba Samba 4.2.6 
Samba Samba 4.2.5 
Samba Samba 4.2.4 
Samba Samba 4.2.3 
Samba Samba 4.2.2 
Samba Samba 4.2.1 
Samba Samba 4.2 
Samba Samba 4.1.22 
Samba Samba 4.1.21 
Samba Samba 4.1.20 
Samba Samba 4.1.19 
Samba Samba 4.1.18 
Samba Samba 4.1.17 
Samba Samba 4.1.16 
Samba Samba 4.1.15 
Samba Samba 4.1.14 
Samba Samba 4.1.13 
Samba Samba 4.1.10 
Samba Samba 4.1.9 
Samba Samba 4.1.7 
Samba Samba 4.1.3 
Samba Samba 4.1.2 
Samba Samba 4.1.1 
Samba Samba 4.1 
Samba Samba 4.0.24 
Samba Samba 4.0.23 
Samba Samba 4.0.21 
Samba Samba 4.0.20 
Samba Samba 4.0.19 
Samba Samba 4.0.18 
Samba Samba 4.0.17 
Samba Samba 4.0.13 
Samba Samba 4.0.12 
Samba Samba 4.0.10 
Samba Samba 4.0.2 
Samba Samba 3.6.24 
Samba Samba 3.6.23 
Samba Samba 3.6.22 
Samba Samba 3.6.21 
Samba Samba 3.6.20 
Samba Samba 3.6.19 
Samba Samba 3.6.12 
Samba Samba 3.6.4 
Samba Samba 3.6.3 
Samba Samba 3.6.2 
Samba Samba 3.6.1 
Samba Samba 3.6 
Samba Samba 3.5.22 
Samba Samba 3.5.21 
Samba Samba 3.5.16 
Samba Samba 3.5.13 
Samba Samba 3.5.9 
Samba Samba 3.5.8 
Samba Samba 3.5.2 
Samba Samba 3.5.1 
Samba Samba 3.5 
Samba Samba 3.4.15 
Samba Samba 3.4.14 
Samba Samba 3.4.13 
Samba Samba 3.4.12 
Samba Samba 3.4.11 
Samba Samba 3.4.10 
Samba Samba 3.4.8 
Samba Samba 3.4.7 
Samba Samba 3.4.6 
Samba Samba 3.4.5 
Samba Samba 3.4.2 
Samba Samba 3.4.1 
Samba Samba 3.4 
Samba Samba 3.3.16 
Samba Samba 3.3.15 
Samba Samba 3.3.14 
Samba Samba 3.3.13 
Samba Samba 3.3.12 
Samba Samba 3.3.11 
Samba Samba 3.3.10 
Samba Samba 3.3.9 
Samba Samba 3.3.8 
Samba Samba 3.3.7 
Samba Samba 3.3.6 
Samba Samba 3.3.5 
Samba Samba 3.3.4 
Samba Samba 3.3.3 
Samba Samba 3.3.1 
Samba Samba 3.3 
Samba Samba 3.2.15 
Samba Samba 3.2.14 
Samba Samba 3.2.13 
Samba Samba 3.2.12 
Samba Samba 3.2.11 
Samba Samba 3.2.10 
Samba Samba 3.2.7 
Samba Samba 3.2.6 
Samba Samba 3.2.5 
Samba Samba 3.2.4 
Samba Samba 3.2.3 
Samba Samba 3.2.2 
Samba Samba 3.2.1 
Samba Samba 3.2 
Samba Samba 3.0.37 
Samba Samba 3.0.36 
Samba Samba 3.0.35 
Samba Samba 3.0.34 
Samba Samba 3.0.33 
Samba Samba 3.0.32 
Samba Samba 3.0.31 
Samba Samba 3.0.30 
+ Mandriva Linux Mandrake 2007.1 x86_64
+ Mandriva Linux Mandrake 2007.1
+ Ubuntu Ubuntu Linux 7.04 sparc
+ Ubuntu Ubuntu Linux 7.04 powerpc
+ Ubuntu Ubuntu Linux 7.04 i386
+ Ubuntu Ubuntu Linux 7.04 amd64
Samba Samba 3.0.29 
Samba Samba 3.0.28 
Samba Samba 3.0.27 
Samba Samba 3.0.26 
Samba Samba 3.0.25 
Samba Samba 3.0.24 
Samba Samba 3.0.23 
Samba Samba 3.0.22 
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
Samba Samba 3.0.21 
Samba Samba 3.0.20 
+ Slackware Linux 10.2 
Samba Samba 3.0.19 
Samba Samba 3.0.18 
Samba Samba 3.0.17 
Samba Samba 3.0.16 
Samba Samba 3.0.15 
Samba Samba 3.0.14 
Samba Samba 3.0.13 
Samba Samba 3.0.12 
Samba Samba 3.0.11 
Samba Samba 3.0.10 
Samba Samba 3.0.9 
+ OpenPKG OpenPKG Current
+ OpenPKG OpenPKG Current
+ S.u.S.E. Linux Personal 9.1 
Samba Samba 3.0.8 
Samba Samba 3.0.7 
Samba Samba 3.0.6 
Samba Samba 3.0.5 
Samba Samba 3.0.4 
+ OpenPKG OpenPKG 2.1 
+ S.u.S.E. Linux Personal 9.1 
+ S.u.S.E. Linux Personal 9.1 
+ S.u.S.E. Linux Personal 9.1 
+ Slackware Linux 10.0 
Samba Samba 3.0.3 
Samba Samba 3.0.2 
Samba Samba 3.0.1 
Samba Samba 3.0 
Samba Samba 2.18.3 
Samba Samba 2.2.12 
Samba Samba 2.2.11 
Samba Samba 2.2.10 
Samba Samba 2.2.9 
Samba Samba 2.2.8 
Samba Samba 2.2.7 
Samba Samba 2.2.6 
+ Mandriva Linux Mandrake 9.0 
Samba Samba 2.2.5 
+ Apple Mac OS X 10.2.4 
+ Apple Mac OS X 10.2.4 
+ Apple Mac OS X 10.2.3 
+ Apple Mac OS X 10.2.3 
+ Apple Mac OS X 10.2.2 
+ Apple Mac OS X 10.2.2 
+ Apple Mac OS X 10.2.1 
+ Apple Mac OS X 10.2.1 
+ Apple Mac OS X 10.2 
+ Apple Mac OS X 10.2 
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc3
+ HP CIFS/9000 Server A.01.09.02
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09.01
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.09
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08.01
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.08
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.07
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.06
+ HP CIFS/9000 Server A.01.05
+ HP CIFS/9000 Server A.01.05
+ OpenPKG OpenPKG 1.1 
+ OpenPKG OpenPKG 1.1 
+ Redhat Linux 8.0 i686
+ Redhat Linux 8.0 i686
+ Redhat Linux 8.0 i386
+ Redhat Linux 8.0 i386
+ Redhat Linux 8.0 
+ Redhat Linux 8.0 
+ S.u.S.E. Linux 8.1 
+ S.u.S.E. Linux 8.1 
Samba Samba 2.2.4 
Samba Samba 2.2.3 
Samba Samba 2.2.2 
Samba Samba 2.2.0
– S.u.S.E. Linux 7.2 
Samba Samba 2.0.10 
Samba Samba 2.0.9 
Samba Samba 2.0.8 
Samba Samba 2.0.7 
Samba Samba 2.0.6 
Samba Samba 2.0.5 
Samba Samba 2.0.4 
Samba Samba 2.0.3 
Samba Samba 2.0.2 
Samba Samba 2.0.1 
Samba Samba 2.0.0
Samba Samba 1.9.19 
+ Caldera OpenLinux 1.0 
+ Caldera OpenLinux 1.0 
+ Debian Linux 1.1 
+ Debian Linux 1.1 
+ Debian Linux 0.93 
+ Debian Linux 0.93 
+ Redhat Linux 4.x
– Slackware Linux 2.0 
– Slackware Linux 2.0 
Samba Samba 1.9.18 
Samba Samba 1.9.17 
Samba Samba 4.5.3
Samba Samba 4.5.2
Samba Samba 4.4.8
Samba Samba 4.4.5
Samba Samba 4.4.4
Samba Samba 4.4.3
Samba Samba 4.4.2
Samba Samba 4.3.9
Samba Samba 4.3.8
Samba Samba 4.3.6
Samba Samba 4.3.13
Samba Samba 4.3.11
Samba Samba 4.3.10
Samba Samba 4.2.9
+ Trustix Secure Linux 2.0 
+ Trustix Secure Linux 1.5 
Samba Samba 4.2.14
Samba Samba 4.2.13
Samba Samba 4.2.12
Samba Samba 4.2.11
Samba Samba 4.1.8
Samba Samba 4.1.6
Samba Samba 4.1.5
Samba Samba 4.1.4
Samba Samba 4.1.23
Samba Samba 4.1.11
Samba Samba 4.0.9
Samba Samba 4.0.8
Samba Samba 4.0.7
Samba Samba 4.0.6
Samba Samba 4.0.5
Samba Samba 4.0.4
Samba Samba 4.0.3
Samba Samba 4.0.22
Samba Samba 4.0.16
Samba Samba 4.0.15
Samba Samba 4.0.14
Samba Samba 4.0.11
Samba Samba 4.0.1
Samba Samba 4.0.0
Samba Samba 3.6.9
Samba Samba 3.6.8
Samba Samba 3.6.7
Samba Samba 3.6.6
Samba Samba 3.6.5
Samba Samba 3.6.18
Samba Samba 3.6.17
Samba Samba 3.6.16
Samba Samba 3.6.15
Samba Samba 3.6.14
Samba Samba 3.6.13
Samba Samba 3.6.11
Samba Samba 3.6.10
Samba Samba 3.5.7
Samba Samba 3.5.6
Samba Samba 3.5.5
Samba Samba 3.5.4
Samba Samba 3.5.3
Samba Samba 3.5.20
Samba Samba 3.5.19
Samba Samba 3.5.18
Samba Samba 3.5.17
Samba Samba 3.5.15
Samba Samba 3.5.14
Samba Samba 3.5.12
Samba Samba 3.5.11
Samba Samba 3.5.10
Samba Samba 3.5
Samba Samba 3.4.9
Samba Samba 3.4.4
Samba Samba 3.4.3
Samba Samba 3.4.17
Samba Samba 3.4.16
Samba Samba 3.3.2
Samba Samba 3.2.9
Samba Samba 3.2.8
Samba Samba 3.1.0
Samba Samba 3.1
Samba Samba 2.2.1
Redhat Gluster Storage 3.0
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
Redhat Enterprise Linux 5
 
Not Vulnerable: Samba Samba 4.6.8 
Samba Samba 4.5.14 
Samba Samba 4.4.16 
