samba-3.0.33-3.40.0.1.AXS3
Errata ID: AXSA:2014-583:01
Release date:
2014/10/06 Monday - 11:38
Title:
samba-3.0.33-3.40.0.1.AXS3
Affected channels:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
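The following issues have been addressed.
[Security Fix]
- SWAT in Samba has a vulnerability that allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element. (CVE-2013-0213)
- SWAT in Samba has a cross-site request forgery (CSRF) vulnerability that allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions. (CVE-2013-0214)
- The read_nttrans_ea_list function in smbd in Samba has an integer overflow that allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. (CVE-2013-4124)
The translated text for some of the CVEs is quoted from JVN.
http://jvndb.jvn.jp/
Solution:
Update the packages.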
CVE:
CVE-2013-4124
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
CVE-2013-0213
The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
CVE-2013-0214
Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
Additional information:
N/A
Downloads:
SRPMS
- samba-3.0.33-3.40.0.1.AXS3.src.rpm
Size: 48.21 MB
Asianux Server 3 for x86
- libsmbclient-3.0.33-3.40.0.1.AXS3.i386.rpm
Size: 909.82 kB
- libsmbclient-devel-3.0.33-3.40.0.1.AXS3.i386.rpm
Size: 1.16 MB
- samba-3.0.33-3.40.0.1.AXS3.i386.rpm
Size: 16.44 MB
- samba-client-3.0.33-3.40.0.1.AXS3.i386.rpm
Size: 5.72 MB
- samba-common-3.0.33-3.40.0.1.AXS3.i386.rpm
Size: 6.84 MB
- samba-swat-3.0.33-3.40.0.1.AXS3.i386.rpm
Size: 8.91 MB
Asianux Server 3 for x86_64
- libsmbclient-3.0.33-3.40.0.1.AXS3.x86_64.rpm
Size: 918.23 kB
- libsmbclient-devel-3.0.33-3.40.0.1.AXS3.x86_64.rpm
Size: 1.17 MB
- samba-3.0.33-3.40.0.1.AXS3.x86_64.rpm
Size: 16.52 MB
- samba-client-3.0.33-3.40.0.1.AXS3.x86_64.rpm
Size: 5.78 MB
- samba-common-3.0.33-3.40.0.1.AXS3.x86_64.rpm
Size: 6.96 MB
- samba-swat-3.0.33-3.40.0.1.AXS3.x86_64.rpm
Size: 8.91 MB