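Vulnerability Description
Samba is a software suite that implements the SMB (Server Message Block) protocol and provides cross-platform file sharing and print sharing services.
Samba versions 4.0.0 - 4.1.10 contain a remote code execution vulnerability in the implementation of the nmbd NetBIOS name service: a malicious browser can send packets that overwrite the heap of the target name service daemon and then execute arbitrary code with superuser privileges.
<*Source: Volker Lendecke
Link: http://www.samba.org/samba/security/CVE-2014-3560
*>
Solution
The following security advisories were issued by Linux/Unix distributions for this vulnerability; refer to the advisory for your system to fix it: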
Ubuntu
----------------
USN-2305-1: [USN-2305-1] Samba vulnerability
Link: https://www.ubuntu.com/usn/usn-2305-1
Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2014-3560
CentOS
----------------
CESA-2014:1009: CESA-2014:1009 Important CentOS 6 samba4 Update
Link: https://lists.centos.org/pipermail/centos-announce/2014-August/020465.html
CESA-2014:1008: CESA-2014:1008 Important CentOS 6 samba Security Update
Link: https://lists.centos.org/pipermail/centos-announce/2014-August/020466.html
CESA-2014:1008: CESA-2014:1008 Important CentOS 7 samba Security Update
Link: https://lists.centos.org/pipermail/centos-announce/2014-August/020467.html
FreeBSD
----------------
89ff45e3-1a57-11e4-bebd-000c2980a9f3: samba -- remote code execution
Link: http://vuxml.freebsd.org/freebsd/89ff45e3-1a57-11e4-bebd-000c2980a9f3.html
Slackware
----------------
SSA:2014-213-01: [slackware-security] samba (SSA:2014-213-01)
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.365215
openSUSE
----------------
openSUSE-SU-2014:1040-1: openSUSE Security Update: samba
Link: https://lists.opensuse.org/opensuse-updates/2014-08/msg00027.html
Fedora
----------------
FEDORA-2014-9141: Fedora 20 Update: samba-4.1.9-4.fc20
Link: https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136280.html
FEDORA-2014-9132: Fedora 19 Update: samba-4.0.21-1.fc19
Link: https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136864.html
Oracle Linux
----------------
Link: https://linux.oracle.com/cve/CVE-2014-3560.html