Samba official site security update (2020-01-21)

Source: Samba official site  Published: 2020-01-21

Basic information

Release date: 2020-01-21 (vendor's local time)

Update type: Security update

Updated version: Unknown

Time observed: 2020-01-21 17:50:09

Risk level: Medium

Intelligence contributed by: TSRC

Update title

Security update

Update details

Samba - Security Announcement Archive

CVE-2019-19344.html

===========================================================
== Subject: Use after free during DNS zone scavenging
== in Samba AD DC
==
== CVE ID#: CVE-2019-19344
==
== Versions: Samba 4.9 and later versions
==
== Summary: During DNS zone scavenging (of expired dynamic
== entries) there is a read of memory after it has
== been freed.
===========================================================

===========
Description
===========

Samba 4.9 introduced an off-by-default feature to tombstone
dynamically created DNS records that had reached their expiry time.

This feature is controlled by the smb.conf option:
dns zone scavenging = yes

There is a use-after-free issue in this code, essentially due to a
call to realloc() while other local variables still point at the
original buffer.

The use is a read, but in quite unlikely conditions (due to NDR
validation unpacking the buffer) that read memory might be saved back
into the DB.
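As an added example that is not Samba's code, a simplified C sketch of the hazard the advisory describes and the safe pattern: a record array grown with realloc(), and a scavenging loop that keeps an index rather than a pointer across the call that may move the buffer. The record layout, function names and sample records are constructed for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed, simplified stand-in for a zone's dynamic records (not Samba's model). */
struct dns_rec { char name[24]; uint32_t expiry; int tombstone; };
struct zone { struct dns_rec *recs; size_t count, cap; };   /* recs grows via realloc() */

/* Append a record. May realloc() z->recs: every pointer into the old array is then dangling. */
static size_t zone_add(struct zone *z, const char *name, uint32_t expiry)
{
    if (z->count == z->cap) {
        size_t ncap = z->cap ? z->cap * 2 : 2;
        struct dns_rec *n = realloc(z->recs, ncap * sizeof *n);
        if (!n) abort();
        z->recs = n;   /* old block is freed from here on; only z->recs is valid */
        z->cap = ncap;
    }
    struct dns_rec *r = &z->recs[z->count];
    memset(r, 0, sizeof *r);
    strncpy(r->name, name, sizeof r->name - 1);
    r->expiry = expiry;
    return z->count++;
}

/* Tombstone every record expired at `now`, appending one never-expiring marker record
 * per tombstone. Holding `struct dns_rec *r = &z->recs[i]` across zone_add() and touching
 * r afterwards would be the advisory's use-after-free pattern; here only the index i
 * survives the call and the element is re-derived from z->recs. Returns the count. */
static size_t zone_scavenge(struct zone *z, uint32_t now)
{
    size_t tombstoned = 0, n = z->count;   /* do not revisit records added below */
    for (size_t i = 0; i < n; i++) {
        if (z->recs[i].tombstone || z->recs[i].expiry > now)
            continue;
        char name[24];
        memcpy(name, z->recs[i].name, sizeof name); /* copy first: z->recs[i].name itself
                                                       would be read after the realloc */
        zone_add(z, name, UINT32_MAX);   /* may move z->recs */
        z->recs[i].tombstone = 1;        /* re-derived after the realloc, never a stale r */
        tombstoned++;
    }
    return tombstoned;
}

static struct zone *demo_zone(void)   /* constructed sample: three dynamic records */
{
    static struct zone z;
    if (z.count == 0) { zone_add(&z, "host-a", 100); zone_add(&z, "host-b", 500); zone_add(&z, "host-c", 100); }
    return &z;
}
```

The third zone_add() inside the scan forces a second realloc(), so a cached `r` from before it would point into freed memory.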

==================
Patch Availability
==================

Patches addressing this issue have been posted to:

https://www.samba.org/samba/security/

Additionally, Samba 4.11.5, 4.10.12 and 4.9.18 have been issued
as security releases to correct the defect. Samba administrators are
advised to upgrade to these releases or apply the patch as soon
as possible.

==================
CVSSv3 calculation
==================

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H (6.5)

==========
Workaround
==========

The code in question is not run in the default configuration, so
the workaround is simply to not set
dns zone scavenging = yes

=======
Credits
=======

Originally reported by Christian Naumer.

Patches provided by Andrew Bartlett of the Samba team and Catalyst.

==========================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
==========================================================

Software description

Samba is free software that implements the SMB protocol on Linux and UNIX systems; it consists of server and client programs.

CVE ID

CVE-2019-19344

TSRC analysis

None yet

Industry news

None yet
