[samba-jp:20863] Re: [FYI] Samba 3.4.2, 3.3.8, 3.2.15, 3.0.37 have been released
Takahiro Kambe
taca @ back-street.net
Mon Oct 5 15:35:27 JST 2009
In message <20091005.001120.116927611.taca @ back-street.net>
on Mon, 05 Oct 2009 00:11:20 +0900 (JST),
Takahiro Kambe <taca @ back-street.net> wrote:
> o CVE-2009-2813:
> In all versions of Samba later than 3.0.11, connecting to the home
> share of a user will use the root of the filesystem
> as the home directory if this user is misconfigured to have
> an empty home directory in /etc/passwd.
>
> o CVE-2009-2948:
> If mount.cifs is installed as a setuid program, a user can pass it a
> credential or password path to which he or she does not have access and
> then use the --verbose option to view the first line of that file.
> All known Samba versions are affected.
...
> It appears to be a fix for these, but apart from CVE-2009-2813 there do not
> yet seem to be any CVE entries to refer to...
At present, they seem to exist only on www.samba.org.
http://www.samba.org/samba/security/CVE-2009-2948.html
http://www.samba.org/samba/security/CVE-2009-2906.html
--
Takahiro Kambe, at work