samba-3.6.23-45.AXS4
Errata ID: AXSA:2017-2303:05
Release date:
2017/10/09 Monday - 21:09
Title:
samba-3.6.23-45.AXS4
Affected channels:
Asianux Server 4 for x86_64
Asianux Server 4 for x86
Severity:
Moderate
Description:
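The following issues have been addressed.
[Security Fix]
- Samba did not enforce "SMB signing" when certain configuration options were enabled, allowing a remote attacker to perform a man-in-the-middle attack and obtain information in plain text. (CVE-2017-12150)
- When the Samba client used encryption with the maximum protocol set to SMB3, the connection lost the requirement for signing and encryption on DFS redirects, allowing an attacker performing a man-in-the-middle attack to read or modify the contents of the connection. (CVE-2017-12151)
- The SMB1 protocol implementation had an information leak: a malicious client could write server memory contents to a file on a Samba share or to a shared printer, although the attacker cannot control the exact area of server memory. (CVE-2017-12163)
Some of the translated CVE descriptions are quoted from JVN.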
http://jvndb.jvn.jp/
Solution:
Update the packages.
CVE:
CVE-2017-12150
It was found that samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
CVE-2017-12163
An information leak flaw was found in the way SMB1 protocol was implemented by Samba before 4.4.16, 4.5.x before 4.5.14, and 4.6.x before 4.6.8. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
CVE-2017-2619
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
Additional information:
N/A
Download:
SRPMS
- samba-3.6.23-45.AXS4.src.rpm
MD5: a27a503f8d72ad89d067b0dd6696704b
SHA-256: cb9bc0637fabe6ae287d36081e2621b1af5b6841912e75f7489017113249e321
Size: 28.30 MB
Asianux Server 4 for x86
- libsmbclient-3.6.23-45.AXS4.i686.rpm
MD5: b2c866b1f1e0453cdc0fefbf163a7e61
SHA-256: a63415cb7de5228f3c5c34dc922166f119053309cf9c3fca127cbf157771dbe8
Size: 1.60 MB
- samba-3.6.23-45.AXS4.i686.rpm
MD5: 799323c4cd4aa8b04f75607840def709
SHA-256: 98bc07689525f894e8b740c22894bd4fd7cb00558ea67109f60e9aaf4075258f
Size: 5.09 MB
- samba-client-3.6.23-45.AXS4.i686.rpm
MD5: 1ac20fe0b3e278b132553847fbc99f6d
SHA-256: 696205b960e0227127de5e25d928128b7e38a6791f4168924af15914aa6d3b3e
Size: 10.91 MB
- samba-common-3.6.23-45.AXS4.i686.rpm
MD5: 9cb0685a78230b42c97092356da1a399
SHA-256: 4dae0bc4f7748b016450c42de686bc0e89d649aa9714f6261b9492bf4be3f761
Size: 10.12 MB
- samba-winbind-3.6.23-45.AXS4.i686.rpm
MD5: 86e332aa292cec9a86e593a3dd05ccf4
SHA-256: 814bac7d24efdaa59d18830a07945640d37a11d796257ac6ea20135edef40549
Size: 2.17 MB
- samba-winbind-clients-3.6.23-45.AXS4.i686.rpm
MD5: b6f63ee47c66fb07327486cde1502561
SHA-256: 79101d035741a765b34d4c52e54e4b70e016e74144b5fa14e367a2110082379e
Size: 2.02 MB
Asianux Server 4 for x86_64
- libsmbclient-3.6.23-45.AXS4.x86_64.rpm
MD5: a85a4ff51b1c9a876c407921fd70a2a0
SHA-256: 00073e12e02021fe244cedb746ebf96eb6a37bdff1f233590877819133150fb2
Size: 1.62 MB
- samba-3.6.23-45.AXS4.x86_64.rpm
MD5: 91b07c765f728cdbed4c833b7e26cf7a
SHA-256: 1210ab748c9bb014ab29c488ff1bfeb2e2bf9b6681784ad09ea395c58a10a24e
Size: 5.09 MB
- samba-client-3.6.23-45.AXS4.x86_64.rpm
MD5: 9e4c29b79cda0cd5c6f4bc63a15fa0af
SHA-256: d5dad3b8bf6470769ec73e3b173693a6a67e8af14f5a11288f848af54b527682
Size: 10.98 MB
- samba-common-3.6.23-45.AXS4.x86_64.rpm
MD5: 6edc8f1ec000a27526ed7fdaaee43616
SHA-256: fc911c902c09cb2dbac28210cf36a6718d7571d16f6d5bed2b79164611bbe52a
Size: 10.14 MB
- samba-winbind-3.6.23-45.AXS4.x86_64.rpm
MD5: 8eeb70b119b5358caec13de70956be1c
SHA-256: a08446cd6e4982453a742e5958ecf4183ae003ba6ff58ec4495f7e3dee5909d8
Size: 2.17 MB
- samba-winbind-clients-3.6.23-45.AXS4.x86_64.rpm
MD5: 1e0410652b8b3f9efde405e0b1258ff1
SHA-256: afcde77cca87558dfeed1edfe41c92e2c285f645f6bb6405323be6891a20ce9b
Size: 2.03 MB
- libsmbclient-3.6.23-45.AXS4.i686.rpm
MD5: b2c866b1f1e0453cdc0fefbf163a7e61
SHA-256: a63415cb7de5228f3c5c34dc922166f119053309cf9c3fca127cbf157771dbe8
Size: 1.60 MB
- samba-common-3.6.23-45.AXS4.i686.rpm
MD5: 9cb0685a78230b42c97092356da1a399
SHA-256: 4dae0bc4f7748b016450c42de686bc0e89d649aa9714f6261b9492bf4be3f761
Size: 10.12 MB
- samba-winbind-clients-3.6.23-45.AXS4.i686.rpm
MD5: b6f63ee47c66fb07327486cde1502561
SHA-256: 79101d035741a765b34d4c52e54e4b70e016e74144b5fa14e367a2110082379e
Size: 2.02 MB