Samba SMB1 Packet Chaining Remote Memory Corruption Vulnerability (CVE-2010-2063)

2019-05-20 10:42:55  Source: Internet

Tags: 0488 Samba centos link https org 2063 2010


Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file and print sharing services. The chain_reply function in Samba's process.c does not correctly validate client-supplied input fields when processing chained SMB1 packets. A malicious client can send a specially crafted SMB packet to a Samba server to trigger heap memory corruption, resulting in arbitrary code execution with the privileges of the Samba server (smbd). Exploiting this vulnerability requires no authentication, and Samba's default configuration is affected.

<*Source: Jun Mao
  Links: http://secunia.com/advisories/40145/
         http://www.samba.org/samba/security/CVE-2010-2063.html
         https://rhn.redhat.com/errata/RHSA-2010-0488.html
         http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=873
*>

Solution

The Linux/Unix distributions below have published security advisories for this vulnerability. Refer to the advisory for your system to fix it:

Ubuntu
----------------
USN-951-1: [USN-951-1] Samba vulnerability
Link: https://www.ubuntu.com/usn/usn-951-1

Red Hat Enterprise Linux
----------------
Link: https://access.redhat.com/security/cve/CVE-2010-2063

CentOS
----------------
CESA-2010:0488: CESA-2010:0488 Critical CentOS 3 i386 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2010-August/016910.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 3 x86_64 samba - security update
Link: https://lists.centos.org/pipermail/centos-announce/2010-August/016911.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 4 i386 samba Update
Link: https://lists.centos.org/pipermail/centos-announce/2010-July/016787.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 4 x86_64 samba Update
Link: https://lists.centos.org/pipermail/centos-announce/2010-July/016788.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 i386 samba Update
Link: https://lists.centos.org/pipermail/centos-announce/2010-June/016734.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 x86_64 samba Update
Link: https://lists.centos.org/pipermail/centos-announce/2010-June/016733.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 i386 samba3x Update
Link: https://lists.centos.org/pipermail/centos-announce/2010-June/016737.html
CESA-2010:0488: CESA-2010:0488 Critical CentOS 5 x86_64 samba3x Update
Link: https://lists.centos.org/pipermail/centos-announce/2010-June/016738.html

Gentoo
----------------
GLSA-201206-22: Samba: Multiple vulnerabilities
Link: https://security.gentoo.org/glsa/201206-22

Slackware
----------------
SSA:2010-169-01: [slackware-security] samba (SSA:2010-169-01)
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.471914

openSUSE
----------------
SUSE-SA:2010:025: SUSE Security Announcement: Samba (SUSE-SA:2010:025)
Link: https://lists.opensuse.org/opensuse-security-announce/2010-07/msg00000.html
openSUSE-SU-2010:0346-1: openSUSE Security Update: samba: Fixed various security issues
Link: https://lists.opensuse.org/opensuse-updates/2010-06/msg00011.html

Oracle Linux
----------------
Link: https://linux.oracle.com/cve/CVE-2010-2063.html

Debian
----------------
DSA-2061: DSA-2061-1 samba -- memory corruption
Link: https://www.debian.org/security/2010/dsa-2061
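The description at the top of this advisory says chained SMB1 packets were processed without validating client-supplied fields. The C sketch below is an added example, not Samba's code and not from the original page: it walks an SMB1 AndX chain and rejects any word count, byte count or AndX offset that would leave the received buffer. It assumes the AndX offset is a representative field (the page does not name which one); `smb1_chain_len` and both sample buffers are hypothetical and constructed here.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SMB1_HDR_LEN 32   /* fixed SMB1 header; WordCount follows it */
#define ANDX_NONE    0xFF /* AndXCommand value meaning "end of chain" */

/* SMB1 commands whose parameter words begin with an AndX block. */
static int is_andx(uint8_t c) {
    return c == 0x24 || c == 0x2D || c == 0x2E || c == 0x2F ||
           c == 0x73 || c == 0x74 || c == 0x75 || c == 0xA2;
}

/* Walk a chained SMB1 message (NetBIOS length prefix already stripped).
 * Returns the number of commands in the chain, or -1 if any
 * client-supplied length or offset would leave the buffer. */
int smb1_chain_len(const uint8_t *b, size_t len) {
    if (len < SMB1_HDR_LEN + 3 || memcmp(b, "\xffSMB", 4) != 0) return -1;
    uint8_t cmd = b[4];
    size_t off = SMB1_HDR_LEN;           /* offset of current WordCount */
    for (int n = 1; ; n++) {
        if (len - off < 3) return -1;    /* WordCount + ByteCount */
        size_t wct = b[off], words = off + 1;
        if (len - words < 2 * wct + 2) return -1;
        size_t bcc_at = words + 2 * wct;
        size_t bcc = b[bcc_at] | ((size_t)b[bcc_at + 1] << 8);
        if (len - (bcc_at + 2) < bcc) return -1;
        size_t end = bcc_at + 2 + bcc;   /* first byte after this block */
        if (!is_andx(cmd)) return n;     /* non-AndX command ends chain */
        if (wct < 2) return -1;          /* AndX block needs 2 words */
        if (b[words] == ANDX_NONE) return n;
        size_t next = b[words + 2] | ((size_t)b[words + 3] << 8);
        /* Client-controlled offset: must point forward and stay in-buffer. */
        if (next < end || next >= len) return -1;
        cmd = b[words];
        off = next;
    }
}

/* Constructed samples: TREE_CONNECT_ANDX (0x75) chained to LOGOFF_ANDX (0x74). */
static const uint8_t SAMPLE_OK[] = { 0xFF,'S','M','B',0x75, [32] = 4,
    0x74,0, 43,0, 0,0,0,0, 0,0,  2, 0xFF,0, 0,0, 0,0 };
/* Same first block, AndXOffset 0xFFFF: far outside the 43-byte buffer. */
static const uint8_t SAMPLE_BAD[] = { 0xFF,'S','M','B',0x75, [32] = 4,
    0x74,0, 0xFF,0xFF, 0,0,0,0, 0,0 };

int main(void) {
    printf("%d ", smb1_chain_len(SAMPLE_OK, sizeof SAMPLE_OK));
    printf("%d\n", smb1_chain_len(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

Requiring each offset to land at or beyond the end of the current block also guarantees the walk terminates, since a chain can never point backwards into data already parsed.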

Source: https://www.cnblogs.com/mrhonest/p/10892718.html
