A vulnerability has been discovered and fixed in the Samba software package. Samba is an implementation of the SMB (Server Message Block) protocol, intended for sharing printers, files and information over a computer network. The vulnerability is a buffer overflow in the "sid_parse" and "dom_sid_parse" functions. A remote attacker can exploit it to cause a denial of service (DoS) and to execute arbitrary code. An official update that fixes the vulnerability is available, and users are advised to apply it.
Oracle Solaris Security Update Fixes Samba Buffer Overflow Vulnerability
VUPEN ID VUPEN/ADV-2011-0091
CVE ID CVE-2010-3069
Rated as Critical
Release Date 2011-01-13
Technical Description
A vulnerability has been identified in Oracle Solaris, which could be exploited by remote attackers to compromise a vulnerable system. This issue is caused by an error in Samba. For additional information, see: VUPEN/ADV-2010-2378
Affected Products
Oracle Solaris 11 Express
Oracle Solaris 10
Oracle Solaris 9
Solution
Solaris 11 Express (OpenSolaris) - Upgrade to snv_151a
Solaris 10 (SPARC) - Apply patch 146363-01
Solaris 10 (x86) - Apply patch 146364-01
Solaris 9 (SPARC) - Apply patch 114684-17
Solaris 9 (x86) - Apply patch 114685-17
References
http://www.vupen.com/english/advisories/2011/0091
http://blogs.sun.com/security/entry/cve_2010_3069_multiple_stack
Changelog
2011-01-13 : Initial release