发布时间: 2023年7月29日
修改时间: 2024年10月31日
A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | None | None |
| Attack Vector | Network | Network |
| CVSS评分 | 5.3 | 5.3 |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| Scope | Unchanged | Unchanged |
| Integrity | None | None |
| User Interaction | None | None |
| Availability | Low | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1570 | samba security update | 2023年7月29日 |
| KylinSec-SA-2023-1571 | samba security update | 2023年7月29日 |
| KylinSec-SA-2023-1602 | samba security update | 2023年7月29日 |
| KylinSec-SA-2023-2213 | samba security update | 2023年7月29日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-4A | samba | Fixed |
| KY3.4-5 | samba | Fixed |
| KY3.5.1 | samba | Fixed |
| KY3.5.2 | samba | Fixed |
