• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Search | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

samba-2.2.8 exploit - all distros fixed in 2.2.8a - sambal.c

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses

View previous topic :: View next topic  
Author Message
Mike
Just Arrived
Just Arrived


Joined: 05 Jan 2003
Posts: 0


Offline

PostPosted: Thu Apr 10, 2003 6:02 pm    Post subject: samba-2.2.8 exploit - all distros fixed in 2.2.8a - sambal.c Reply with quote

sambal.c is a remote root exploit for samba 2.2.x and prior that works against
Linux (all distros), FreeBSD (4.x, 5.x), NetBSD (1.x) and OpenBSD (2.x, 3.x
and 3.2-non exec stack). It has a scan option, so you can easily identify your
lost samba boxes on your home WAN...


The bug

in /source/smbd/trans2.c on line 250 - function: call_trans2open() :

namelen = strlen(pname)+1;
StrnCpy(fname,pname,namelen);

http://www.netric.org/exploits/sambal.c
Back to top
View user's profile Send private message Send e-mail MSN Messenger
ComSec
Trusted SF Member
Trusted SF Member


Joined: 26 Jul 2002
Posts: 16777215


Offline

PostPosted: Thu Apr 10, 2003 7:10 pm    Post subject: Reply with quote

Samba are going through a rough patch ATM.

thanks Mike
Back to top
View user's profile Send private message Visit poster's website
Mike
Just Arrived
Just Arrived


Joined: 05 Jan 2003
Posts: 0


Offline

PostPosted: Mon Apr 14, 2003 1:55 pm    Post subject: Reply with quote

ComSec wrote:
Samba are going through a rough patch ATM.

thanks Mike


the samba's source is a big mess,
i wonder how long it will take.
Back to top
View user's profile Send private message Send e-mail MSN Messenger
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Exploits // System Weaknesses All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Community Area

Log in | Register