samba-4.18.6-1.el8
Errata ID: AXSA:2023-7219:13
The following issues were addressed.
[Security Fix]
- winbindd_pam_auth_crap.c in Winbind does not sufficiently check
the size of NTLM authentication response packets, so a remote
attacker can cause a denial of service (crash) via a crafted
NTLM authentication request. (CVE-2022-2127)
- The sl_unpack_loop() function in Samba's Spotlight search feature
can enter an infinite loop because validation of data in received
packets is missing, so a remote attacker can cause a denial of
service (CPU resource exhaustion) via a crafted Spotlight mdssvc
RPC packet. (CVE-2023-34966)
- The mdssvc RPC service for Samba's Spotlight search feature is
missing a data type check, so a remote attacker can cause a denial
of service (crash) via a crafted Spotlight mdssvc RPC packet.
(CVE-2023-34967)
- Samba's handling of the Spotlight protocol allows a remote
attacker, via a crafted RPC request, to disclose the server-side
absolute paths of files and directories included in search query
responses. (CVE-2023-34968)
Update the packages.
An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client sends replies to the server's cryptographic challenges. These replies have variable lengths, and Winbind fails to check the LAN Manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.
An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.
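The failure mode described above, shown as an added example in C; this is not Samba's code. The wire format, `unpack_groups()` and `UNIT` are constructed for illustration: the loop advances by a count read from the packet, so it has to reject a count of 0 (no forward progress) and a count that runs past the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UNIT 8u /* constructed format: sizes are counted in 8-byte units */

/*
 * Constructed wire format (an assumption, not the mdssvc layout): the buffer
 * is a sequence of groups, and byte 0 of each group holds the number of
 * 8-byte units in that group, including the unit that carries the count.
 * Returns the number of groups unpacked, or -1 if the input is malformed.
 */
long unpack_groups(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    long groups = 0;

    if (buf == NULL || len % UNIT != 0)
        return -1;

    while (off < len) {
        size_t count = buf[off];               /* value taken from the packet */
        size_t remaining = (len - off) / UNIT; /* units left in the buffer */

        /* Without this check a count of 0 leaves `off` unchanged, so the
         * loop condition never becomes false and the CPU spins. */
        if (count == 0)
            return -1;
        /* A count larger than the remaining data would read out of bounds. */
        if (count > remaining)
            return -1;

        off += count * UNIT; /* every iteration now makes forward progress */
        groups++;
    }
    return groups;
}

int main(void)
{
    uint8_t ok[24] = {0}, bad[16] = {0}; /* constructed sample packets */
    ok[0] = 1; ok[8] = 2;                /* groups of 1 and 2 units */
    bad[0] = 1;                          /* second group has count 0 */
    printf("ok=%ld bad=%ld\n", unpack_groups(ok, sizeof ok),
           unpack_groups(bad, sizeof bad));
    return 0;
}
```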
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
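One way to close this class of bug, as an added example in C that is not Samba's code: the lookup takes the type the caller is about to dereference and treats a mismatch as "not found". The `struct value` layout, the key names and all function names here are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tagged value; the real mdssvc object types are not modelled. */
enum val_type { VAL_INT, VAL_STR, VAL_ARRAY };
struct value {
    enum val_type type;
    union {
        long i;
        const char *s;
        struct { const struct value *items; size_t n; } arr;
    } u;
};
struct entry { const char *key; struct value val; };

/* Untyped lookup: returns whatever is stored under key, or NULL. */
const struct value *value_for_key(const struct entry *d, size_t n, const char *key)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(d[i].key, key) == 0)
            return &d[i].val;
    return NULL;
}

/* Typed lookup: the caller names the type it is about to dereference, and a
 * mismatch is treated as "not found" instead of being trusted. */
const struct value *typed_value_for_key(const struct entry *d, size_t n,
                                        const char *key, enum val_type want)
{
    const struct value *v = value_for_key(d, n, key);
    return (v != NULL && v->type == want) ? v : NULL;
}

/* A caller that needs an array length only ever sees array values. */
long array_len_for_key(const struct entry *d, size_t n, const char *key)
{
    const struct value *v = typed_value_for_key(d, n, key, VAL_ARRAY);
    return v ? (long)v->u.arr.n : -1;
}

int main(void)
{
    const struct value elems[2] = {{VAL_INT, {.i = 1}}, {VAL_INT, {.i = 2}}};
    const struct entry d[] = {{"items", {VAL_ARRAY, {.arr = {elems, 2}}}},
                              {"name", {VAL_STR, {.s = "a.txt"}}}}; /* constructed */
    printf("%ld %ld\n", array_len_for_key(d, 2, "items"), array_len_for_key(d, 2, "name"));
    return 0;
}
```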
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
N/A
SRPMS
- samba-4.18.6-1.el8.src.rpm
Size: 25.19 MB
Asianux Server 8 for x86_64
- ctdb-4.18.6-1.el8.x86_64.rpm
Size: 813.41 kB
- libnetapi-4.18.6-1.el8.i686.rpm
Size: 225.84 kB
- libnetapi-4.18.6-1.el8.x86_64.rpm
Size: 213.48 kB
- libnetapi-devel-4.18.6-1.el8.i686.rpm
Size: 106.82 kB
- libnetapi-devel-4.18.6-1.el8.x86_64.rpm
Size: 106.81 kB
- libsmbclient-4.18.6-1.el8.i686.rpm
Size: 158.82 kB
- libsmbclient-4.18.6-1.el8.x86_64.rpm
Size: 153.32 kB
- libsmbclient-devel-4.18.6-1.el8.i686.rpm
Size: 118.26 kB
- libsmbclient-devel-4.18.6-1.el8.x86_64.rpm
Size: 118.24 kB
- libwbclient-4.18.6-1.el8.i686.rpm
Size: 129.34 kB
- libwbclient-4.18.6-1.el8.x86_64.rpm
Size: 125.70 kB
- libwbclient-devel-4.18.6-1.el8.i686.rpm
Size: 106.07 kB
- libwbclient-devel-4.18.6-1.el8.x86_64.rpm
Size: 106.04 kB
- python3-samba-4.18.6-1.el8.i686.rpm
Size: 3.29 MB
- python3-samba-4.18.6-1.el8.x86_64.rpm
Size: 3.41 MB
- python3-samba-dc-4.18.6-1.el8.x86_64.rpm
Size: 419.31 kB
- python3-samba-devel-4.18.6-1.el8.i686.rpm
Size: 96.74 kB
- python3-samba-devel-4.18.6-1.el8.x86_64.rpm
Size: 96.74 kB
- python3-samba-test-4.18.6-1.el8.x86_64.rpm
Size: 1.19 MB
- samba-4.18.6-1.el8.x86_64.rpm
Size: 0.99 MB
- samba-client-4.18.6-1.el8.x86_64.rpm
Size: 726.29 kB
- samba-client-libs-4.18.6-1.el8.i686.rpm
Size: 5.39 MB
- samba-client-libs-4.18.6-1.el8.x86_64.rpm
Size: 5.02 MB
- samba-common-4.18.6-1.el8.noarch.rpm
Size: 230.83 kB
- samba-common-libs-4.18.6-1.el8.i686.rpm
Size: 190.33 kB
- samba-common-libs-4.18.6-1.el8.x86_64.rpm
Size: 180.38 kB
- samba-common-tools-4.18.6-1.el8.x86_64.rpm
Size: 530.66 kB
- samba-dcerpc-4.18.6-1.el8.x86_64.rpm
Size: 759.80 kB
- samba-dc-libs-4.18.6-1.el8.i686.rpm
Size: 112.96 kB
- samba-dc-libs-4.18.6-1.el8.x86_64.rpm
Size: 111.42 kB
- samba-devel-4.18.6-1.el8.i686.rpm
Size: 308.69 kB
- samba-devel-4.18.6-1.el8.x86_64.rpm
Size: 308.81 kB
- samba-krb5-printing-4.18.6-1.el8.x86_64.rpm
Size: 104.12 kB
- samba-ldb-ldap-modules-4.18.6-1.el8.x86_64.rpm
Size: 109.98 kB
- samba-libs-4.18.6-1.el8.i686.rpm
Size: 205.93 kB
- samba-libs-4.18.6-1.el8.x86_64.rpm
Size: 198.73 kB
- samba-pidl-4.18.6-1.el8.noarch.rpm
Size: 201.52 kB
- samba-test-4.18.6-1.el8.x86_64.rpm
Size: 2.29 MB
- samba-test-libs-4.18.6-1.el8.x86_64.rpm
Size: 124.27 kB
- samba-tools-4.18.6-1.el8.x86_64.rpm
Size: 106.31 kB
- samba-usershares-4.18.6-1.el8.x86_64.rpm
Size: 96.71 kB
- samba-vfs-iouring-4.18.6-1.el8.x86_64.rpm
Size: 107.12 kB
- samba-winbind-4.18.6-1.el8.x86_64.rpm
Size: 484.71 kB
- samba-winbind-clients-4.18.6-1.el8.x86_64.rpm
Size: 179.57 kB
- samba-winbind-krb5-locator-4.18.6-1.el8.x86_64.rpm
Size: 129.25 kB
- samba-winbind-modules-4.18.6-1.el8.i686.rpm
Size: 173.85 kB
- samba-winbind-modules-4.18.6-1.el8.x86_64.rpm
Size: 166.81 kB
- samba-winexe-4.18.6-1.el8.x86_64.rpm
Size: 135.27 kB