公告ID(KYSA-201605-0001)
公告ID:KYSA-201605-0001
公告摘要:samba安全漏洞
等级:中等
发布日期:2023-03-28
详细介绍
1. 修复的CVE
CVE-2015-5370
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba中存在安全漏洞,该漏洞源于程序没有正确实现DCE-RPC层。远程攻击者可利用该漏洞实施protocol-downgrade攻击,造成拒绝服务(应用程序崩溃或CPU消耗),或在客户端系统中执行任意代码。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2110
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba的NTLMSSP身份验证实现过程中存在安全漏洞。攻击者可通过修改client-server数据流,删除application-layer标志或加密设置利用该漏洞实施中间人攻击和protocol-downgrade攻击。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2111
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。Samba的NETLOGON服务中存在安全漏洞。当程序配置了域管理器时,远程攻击者可通过运行特制的应用程序并嗅探网络流量,利用该漏洞伪造安全通道端点的计算机名称,获取敏感的会话信息。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2112
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba的bundled LDAP客户端库中存在安全漏洞,该漏洞源于程序没有识别‘client ldap sasl wrapping’设置。攻击者可通过修改client-server数据流利用该漏洞实施中间人攻击和LDAP protocol-downgrade攻击。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2113
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba中存在安全漏洞,该漏洞源于程序没有验证TLS服务器端的X.509证书。攻击者可借助特制的证书利用该漏洞实施中间人攻击,欺骗LDAPS和HTTPS服务器,获取敏感信息。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2114
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba的SMB1协议实现过程中存在安全漏洞,该漏洞源于程序没有识别‘server signing = mandatory’设置。攻击者可通过修改client-server数据流利用该漏洞欺骗SMB服务器。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2115
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba中存在安全漏洞,该漏洞源于程序没有要求使用ncacn_np协议的DCERPC会话中的SMB签名。攻击者可通过修改client-server数据流利用该漏洞欺骗SMB客户端。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
CVE-2016-2118
Samba是Samba团队开发的一套可使UNIX系列的操作系统与微软Windows操作系统的SMB/CIFS网络协议做连结的自由软件。该软件支持共享打印机、互相传输资料文件等。
Samba的MS-SAMR和MS-LSAD协议实现过程中存在安全漏洞,该漏洞源于程序没有正确处理DCERPC连接。攻击者可通过修改client-server数据流利用该漏洞实施中间人攻击和protocol-downgrade攻击,冒充用户。以下版本受到影响:Samba 3.x版本,4.2.11之前4.x版本,4.3.8之前4.3.x版本,4.4.2之前4.4.x版本。
2. 受影响的操作系统及软件包
·银河麒麟桌面操作系统V10
x86_64 架构:
ctdb、libnss-winbind、libpam-winbind、libparse-pidl-perl、libsmbclient、libwbclient0、python-samba、registry-tools、samba-common-bin、samba-common、samba-dsdb-modules、samba-libs、samba-testsuite、samba-vfs-modules、samba、smbclient、winbind
arm64 架构:
ctdb、libnss-winbind、libpam-winbind、libparse-pidl-perl、libsmbclient、libwbclient0、python-samba、registry-tools、samba-common-bin、samba-common、samba-dsdb-modules、samba-libs、samba-testsuite、samba-vfs-modules、samba、smbclient、winbind
mips64el 架构:
ctdb、libnss-winbind、libpam-winbind、libparse-pidl-perl、libsmbclient、libwbclient0、python-samba、registry-tools、samba-common-bin、samba-common、samba-dsdb-modules、samba-libs、samba-testsuite、samba-vfs-modules、samba、smbclient、winbind
3. 软件包修复版本
·银河麒麟桌面操作系统V10
2:4.3.11+dfsg-0kord0.16.04.34+esm1
4. 修复方法
方法一:升级安装
执行更新命令进行升级
$sudo apt update
$sudo apt install samba
方法二:下载软件包进行升级安装
通过软件包地址下载软件包,使用软件包升级命令根据受影响的软件包列表升级相关的组件包。
$sudo dpkg -i /Path1/Package1 /Path2/Package2 /Path3/Package3……
注:Path 指软件包下载到本地的路径,Package指下载的软件包名称,多个软件包则以空格分开。
5. 软件包下载地址
银河麒麟桌面操作系统V10
x86_64软件包下载地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/ctdb_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libnss-winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libpam-winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libparse-pidl-perl_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libsmbclient_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libwbclient0_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/python-samba_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/registry-tools_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-common-bin_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-common_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-dsdb-modules_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-libs_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-testsuite_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-vfs-modules_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/smbclient_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_amd64.deb
arm64软件包下载地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/ctdb_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libnss-winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libpam-winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libparse-pidl-perl_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libsmbclient_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libwbclient0_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/python-samba_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/registry-tools_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-common-bin_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-common_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-dsdb-modules_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-libs_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-testsuite_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-vfs-modules_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/smbclient_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_arm64.deb
mips64el软件包下载地址
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/ctdb_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libnss-winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libpam-winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libparse-pidl-perl_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libsmbclient_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/libwbclient0_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/python-samba_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/registry-tools_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-common-bin_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-common_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_all.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-dsdb-modules_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-libs_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-testsuite_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba-vfs-modules_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/samba_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/smbclient_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
http://archive.kylinos.cn/kylin/KYLIN-ALL/pool/main/s/samba/winbind_4.3.11%2Bdfsg-0kord0.16.04.34%2Besm1_mips64el.deb
6. 修复验证
使用软件包查询命令,查看相关的软件包版本大于或等于修复版本则成功修复。
$sudo dpkg -l |grep Package
注:Package为软件包包名。