samba-3.6.23-45.AXS4
Errata ID: AXSA:2017-2303:05
Samba is an open-source implementation of the Server Message Block (SMB)
protocol and the related Common Internet File System (CIFS) protocol, which
allow PC-compatible machines to share files, printers, and various
information.
Security Fix(es):
* A race condition was found in the Samba server. A malicious Samba client could use this flaw to access files and directories in areas of the server file system not exported under the share definitions. (CVE-2017-2619)
* It was found that Samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain text. (CVE-2017-12150)
* An information leak flaw was found in the way the SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker. (CVE-2017-12163)
Asianux would like to thank the Samba project for reporting CVE-2017-2619 and
CVE-2017-12150 and Yihan Lian and Zhibin Hu (Qihoo 360 GearTeam), Stefan
Metzmacher (SerNet), and Jeremy Allison (Google) for reporting CVE-2017-12163.
Upstream acknowledges Jann Horn (Google) as the original reporter of
CVE-2017-2619; and Stefan Metzmacher (SerNet) as the original reporter of
CVE-2017-12150.
CVE-2017-12150
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2017-12163
** RESERVED **
CVE-2017-2619
** RESERVED **
Update packages.
It was found that Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain text.
An information leak flaw was found in the way the SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Samba versions before 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
N/A
SRPMS
- samba-3.6.23-45.AXS4.src.rpm
MD5: a27a503f8d72ad89d067b0dd6696704b
SHA-256: cb9bc0637fabe6ae287d36081e2621b1af5b6841912e75f7489017113249e321
Size: 28.30 MB
Asianux Server 4 for x86
- libsmbclient-3.6.23-45.AXS4.i686.rpm
MD5: b2c866b1f1e0453cdc0fefbf163a7e61
SHA-256: a63415cb7de5228f3c5c34dc922166f119053309cf9c3fca127cbf157771dbe8
Size: 1.60 MB
- samba-3.6.23-45.AXS4.i686.rpm
MD5: 799323c4cd4aa8b04f75607840def709
SHA-256: 98bc07689525f894e8b740c22894bd4fd7cb00558ea67109f60e9aaf4075258f
Size: 5.09 MB
- samba-client-3.6.23-45.AXS4.i686.rpm
MD5: 1ac20fe0b3e278b132553847fbc99f6d
SHA-256: 696205b960e0227127de5e25d928128b7e38a6791f4168924af15914aa6d3b3e
Size: 10.91 MB
- samba-common-3.6.23-45.AXS4.i686.rpm
MD5: 9cb0685a78230b42c97092356da1a399
SHA-256: 4dae0bc4f7748b016450c42de686bc0e89d649aa9714f6261b9492bf4be3f761
Size: 10.12 MB
- samba-winbind-3.6.23-45.AXS4.i686.rpm
MD5: 86e332aa292cec9a86e593a3dd05ccf4
SHA-256: 814bac7d24efdaa59d18830a07945640d37a11d796257ac6ea20135edef40549
Size: 2.17 MB
- samba-winbind-clients-3.6.23-45.AXS4.i686.rpm
MD5: b6f63ee47c66fb07327486cde1502561
SHA-256: 79101d035741a765b34d4c52e54e4b70e016e74144b5fa14e367a2110082379e
Size: 2.02 MB
Asianux Server 4 for x86_64
- libsmbclient-3.6.23-45.AXS4.x86_64.rpm
MD5: a85a4ff51b1c9a876c407921fd70a2a0
SHA-256: 00073e12e02021fe244cedb746ebf96eb6a37bdff1f233590877819133150fb2
Size: 1.62 MB
- samba-3.6.23-45.AXS4.x86_64.rpm
MD5: 91b07c765f728cdbed4c833b7e26cf7a
SHA-256: 1210ab748c9bb014ab29c488ff1bfeb2e2bf9b6681784ad09ea395c58a10a24e
Size: 5.09 MB
- samba-client-3.6.23-45.AXS4.x86_64.rpm
MD5: 9e4c29b79cda0cd5c6f4bc63a15fa0af
SHA-256: d5dad3b8bf6470769ec73e3b173693a6a67e8af14f5a11288f848af54b527682
Size: 10.98 MB
- samba-common-3.6.23-45.AXS4.x86_64.rpm
MD5: 6edc8f1ec000a27526ed7fdaaee43616
SHA-256: fc911c902c09cb2dbac28210cf36a6718d7571d16f6d5bed2b79164611bbe52a
Size: 10.14 MB
- samba-winbind-3.6.23-45.AXS4.x86_64.rpm
MD5: 8eeb70b119b5358caec13de70956be1c
SHA-256: a08446cd6e4982453a742e5958ecf4183ae003ba6ff58ec4495f7e3dee5909d8
Size: 2.17 MB
- samba-winbind-clients-3.6.23-45.AXS4.x86_64.rpm
MD5: 1e0410652b8b3f9efde405e0b1258ff1
SHA-256: afcde77cca87558dfeed1edfe41c92e2c285f645f6bb6405323be6891a20ce9b
Size: 2.03 MB
- libsmbclient-3.6.23-45.AXS4.i686.rpm
MD5: b2c866b1f1e0453cdc0fefbf163a7e61
SHA-256: a63415cb7de5228f3c5c34dc922166f119053309cf9c3fca127cbf157771dbe8
Size: 1.60 MB
- samba-common-3.6.23-45.AXS4.i686.rpm
MD5: 9cb0685a78230b42c97092356da1a399
SHA-256: 4dae0bc4f7748b016450c42de686bc0e89d649aa9714f6261b9492bf4be3f761
Size: 10.12 MB
- samba-winbind-clients-3.6.23-45.AXS4.i686.rpm
MD5: b6f63ee47c66fb07327486cde1502561
SHA-256: 79101d035741a765b34d4c52e54e4b70e016e74144b5fa14e367a2110082379e
Size: 2.02 MB