【漏洞预警】Samba SMB1协议漏洞,可泄露服务器内存信息
BaCde 2403天前根据白帽汇FOFA系统统计,目前,全球共有230万个存在smb的linux服务器,美国共有9万,中国地区有8万,该存在smb服务最多的国家是阿拉伯联合酋长国,有106万台。该漏洞可导致服务器内存信息泄露,与心脏出血(CVE-2014-0160)漏洞类似。影响较广,白帽汇提醒广大用户,及时升级至最新版本,降低风险。
samba 协议全球分布情况(仅为分布情况,非漏洞影响情况)
漏洞详情:
====================================================================
== Subject: Server memory information leak over SMB1
==
== CVE ID#: CVE-2017-12163
==
== Versions: All versions of Samba.
==
== Summary: Client with write access to a share can cause
== server memory contents to be written into a file
== or printer.
==
====================================================================
===========
Description
===========
All versions of Samba are vulnerable to a server memory information
leak bug over SMB1 if a client can write data to a share. Some SMB1
write requests were not correctly range checked to ensure the client
had sent enough data to fulfill the write, allowing server memory
contents to be written into the file (or printer) instead of client
supplied data. The client cannot control the area of the server memory
that is written to the file (or printer).
==================
Patch Availability
==================
A patch addressing this defect has been posted to
http://www.samba.org/samba/security/
Additionally, Samba 4.6.8, 4.5.14 and 4.4.16 have been issued as
security releases to correct the defect. Patches against older Samba
versions are available at http://samba.org/samba/patches/. Samba
vendors and administrators running affected versions are advised to
upgrade or apply the patch as soon as possible.
==========
Workaround
==========
As this is an SMB1-only vulnerability, it can be avoided by setting
the server to only use SMB2 via adding:
server min protocol = SMB2_02
to the [global] section of your smb.conf and restarting smbd.
=======
Credits
=======
This problem was reported by Yihan Lian and Zhibin Hu, security
researchers with Qihoo 360 GearTeam. Stefan Metzmacher of SerNet and the
Samba Team and Jeremy Allison of Google and the Samba Team provided
the fix.
昵称
邮箱
最新评论