Samba 4.0.0到4.1.10版本的nmbd(the NetBIOS name services daemon)被发现存在远程命令执行 漏洞。CVE编号为CVE-2014-3560。目前官方已经发布最新的补丁。 下面是官方公布的漏洞概要:
============================================================= Subject: Remote code execution in nmbd ==== CVE ID#: CVE-2014-3560==== Versions: Samba 4.0.0 to 4.1.10==== Summary: Samba 4.0.0 to 4.1.10 are affected by a == remote code execution attack on ==unauthenticated nmbd NetBIOS name services.========================================================================Description===========All current versions of Samba 4.x.x are vulnerable to a remote code execution vulnerability in the nmbd NetBIOS name services daemon. A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon. It may be possible to use this to generate a remote code execution vulnerability as the superuser (root).
FreeBuf科普 Samba,是种用来让UNIX系列的操作 系统与微软Windows操作系统的SMB/CIFS(Server Message Block/Common Internet File System)网络协议做链接的自由软件。第三版不仅可访问及分享SMB的文件夹及打印机,本身还可以集成入Windows Server的域名,扮演为域名控制站(Domain Controller)以及加入Active Directory成员。简而言之,此软件在Windows与UNIX系列OS之间搭起一座桥梁,让两者的资源可互通有无。 |
-
上一篇: 快达航空公司越权+另类秒改帐号密码 - 网站安全
下一篇: Access数据库基于时间盲注的实现 - 网站安全 - 自
还没有人抢沙发呢~