Samba smbclient "client/client.c" Format String and Code Execution Vulnerability

Vulnerability ID: 1117794
Vulnerability type: Format string
Published: 2009-05-19
Updated: 2009-06-26
CVE ID: CVE-2009-1886
CNNVD-ID: CNNVD-200906-390
Platform: Linux
CVSS score: 9.3
|Vulnerability source
https://www.exploit-db.com/exploits/33053
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200906-390
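|Vulnerability details
Samba is a suite of programs that implements the SMB (Server Message Block) protocol and provides cross-platform file sharing and print sharing services. The smbclient tool has a format string error when it handles file names received from command arguments. A user who is tricked into issuing a put command with a malicious argument may cause arbitrary code to be executed.
|Exploit (EXP)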
source: http://www.securityfocus.com/bid/35472/info

Samba is prone to multiple vulnerabilities.

Attackers can leverage these issues to execute arbitrary code within the context of the vulnerable application or to bypass certain security restrictions.

Samba 3.0.31 through 3.3.5 are affected.

The following proof of concept is available:

smb: \> put aa%3Fbb
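
The bug class described above, as an added example that is not Samba's code and not part of the original advisory: a file name used as the printf format string versus passed as data to a constant format. The function names `has_format_directive` and `format_status_safe` and the message text are hypothetical; the file name is the one from the proof of concept.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Samba code): returns 1 if `name` contains a
 * printf conversion directive, i.e. a '%' that is not part of "%%". */
int has_format_directive(const char *name)
{
    for (const char *p = name; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {   /* "%%" is a literal percent sign */
            p++;
            continue;
        }
        return 1;            /* '%' followed by anything else, or trailing */
    }
    return 0;
}

/* Flawed pattern, shown for contrast only and never called here:
 *     snprintf(out, outlen, name);
 * With name = "aa%3Fbb", "%3F" is parsed as a width-3 floating-point
 * conversion and printf reads an argument that was never passed. */

/* Corrected pattern: constant format string, file name passed as data. */
int format_status_safe(char *out, size_t outlen, const char *name)
{
    int n = snprintf(out, outlen, "putting file %s", name);
    return (n >= 0 && (size_t)n < outlen) ? 0 : -1;  /* -1: error or truncated */
}

int main(void)
{
    const char *name = "aa%3Fbb";   /* file name from the page's proof of concept */
    char line[128];

    if (format_status_safe(line, sizeof line, name) == 0)
        printf("%s (directive in name: %d)\n", line, has_format_directive(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (GCC and Clang) flags calls whose format argument is not a string literal, which is how this pattern is usually caught in review.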
|References

Source: VUPEN
Name: ADV-2009-1664
Link: http://www.vupen.com/english/advisories/2009/1664
Source: BID
Name: 35472
Link: http://www.securityfocus.com/bid/35472
Source: www.samba.org
Link: http://www.samba.org/samba/security/CVE-2009-1886.html
Source: www.samba.org
Link: http://www.samba.org/samba/ftp/patches/security/samba-3.2.12-CVE-2009-1886.patch
Source: XF
Name: samba-smbclient-format-string(51328)
Link: http://xforce.iss.net/xforce/xfdb/51328
Source: UBUNTU
Name: USN-839-1
Link: http://www.ubuntu.com/usn/USN-839-1
Source: SLACKWARE
Name: SSA:2009-177-01
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.521591
Source: SECTRACK
Name: 1022441
Link: http://www.securitytracker.com/id?1022441
Source: MANDRIVA
Name: MDVSA-2009:196
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2009:196
Source: DEBIAN
Name: DSA-1823
Link: http://www.debian.org/security/2009/dsa-1823
Source: SECUNIA
Name: 36918
Link: http://secunia.com/advisories/36918
Source: SECUNIA
Name: 35606
Link: http://secunia.com/advisories/35606
Source: SECUNIA
Name: 35573
Link: http://secunia.com/advi