Samba 4.x.x全版本存在命令执行漏洞

Samba 4.x.x全版本存在命令执行漏洞

黑客资讯访客2021-10-12 8:29:006894A+A-

  Samba 4.0.0到4.1.10版本的nmbd(the NetBIOS name services daemon)被发现存在远程命令执行漏洞。CVE编号为CVE-2014-3560。目前官方已经发布最新的补丁。

  下面是官方公布的漏洞概要:

  ===========================================================

  == Subject:     Remote code execution in nmbd

  ==

  == CVE ID#:     CVE-2014-3560

  ==

  == Versions:    Samba 4.0.0 to 4.1.10

  ==

  == Summary:     Samba 4.0.0 to 4.1.10 are affected by a

  ==              remote code execution attack on

  ==unauthenticated nmbd NetBIOS name services.

  ==

  ===========================================================

  ===========

  Description

  ===========

  All current versions of Samba 4.x.x are vulnerable to a remote code

  execution vulnerability in the nmbd NetBIOS name services daemon.

  A malicious browser can send packets that may overwrite the heap of

  the target nmbd NetBIOS name services daemon. It may be possible to

  use this to generate a remote code execution vulnerability as the

  superuser (root).

  FreeBuf科普

  Samba,是种用来让UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS(Server Message Block/Common Internet File System)网络协议做链接的自由软件。第三版不仅可访问及分享SMB的文件夹及打印机,本身还可以集成入Windows Server的域名,扮演为域名控制站(Domain Controller)以及加入Active Directory成员。简而言之,此软件在Windows与UNIX系列OS之间搭起一座桥梁,让两者的资源可互通有无。

 

点击这里复制本文地址 以上内容由黑资讯整理呈现,请务必在转载分享时注明本文地址!如对内容有疑问,请联系我们,谢谢!
  • 4条评论
  • 鸢旧晚鲸2022-06-07 00:33:56
  • s that may overwrite the heap of  the target nmbd NetBIOS name services daemon. It may be pos
  • 美咩嘟醉2022-06-07 01:43:13
  • escription  ===========  All current versions of Samba 4.x.x are vulnerable to a remote code  execution vulnerability in the nmbd NetBIOS
  • 只酷贪欢2022-06-07 04:37:20
  • attack on  ==unauthenticated nmbd NetBIOS name services.  ==  ===========================================================  ===========  D
  • 掩吻逐鹿2022-06-07 11:41:43
  • d packets that may overwrite the heap of  the target nmbd NetBIOS name services daemon. It m

支持Ctrl+Enter提交

黑资讯 © All Rights Reserved.  
Copyright Copyright 2015-2020 黑资讯
滇ICP备19002590号-1
Powered by 黑客资讯 Themes by 如有不合适之处联系我们
网站地图| 发展历程| 留言建议| 网站管理