Full Disclosure mailing list archives
RE: question regarding CAN-2004-0930
From: "Castigliola, Angelo" <ACastigliola () unumprovident com>
Date: Tue, 16 Nov 2004 11:34:59 -0500
The reason is that when you run the "dir" command Samba does the processing and chokes. When you try the latter command "ls" Linux\Unix processes the command and has no problems.

Angelo Castigliola III
Enterprise Security Architecture
UnumProvident
Telephone: 207-575-3820

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of evilninja
Sent: Tuesday, November 16, 2004 9:17 AM
To: full-disclosure () lists netsys com
Cc: security () samba org
Subject: [Full-disclosure] question regarding CAN-2004-0930

hi,

don't know if this is the right place to ask, but here it goes:

i was notified by one of my users (!) about the recent samba vulnerability (CAN-2004-0930 [1]) that this is indeed easily "exploitable" by just issuing commands with long wildcard-patterns in the filename part, just as:

<smb-share>:\> dir ******.exe

ok, my smbd went crazy and the "dir" command was waiting for the result. but: when i mounted the smb-share under linux (mount -t smbfs ....) and issuing

$ ls /mnt/smb-share/*******.exe

"ls" returned *instantly* with "No such file or directory" and smbd did not go crazy.

now i ask myself: how comes?

thank you for comments,
Christian.

[1] http://samba.iasi.roedu.net/samba/security/CAN-2004-0930.html

--
BOFH excuse #120:
we just switched to FDDI.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
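Added example, not part of either message and not Samba's code: a toy model in C of why it matters whether the server's own wildcard matcher is handed a pattern such as `******.exe`. It counts the work done by a naive backtracking matcher and by a bounded one on the same input. Assumptions: both matchers are illustrative, matching is case-sensitive, and the file name is constructed.

```c
/* Added example: toy wildcard matchers, not Samba's implementation. */
#include <stdio.h>

static unsigned long naive_steps, bounded_steps;

/* Backtracking matcher: every '*' forks into "match nothing" and "eat one
 * character", so a run of k stars on a non-matching name costs on the
 * order of len^k calls. */
static int naive_match(const char *p, const char *s)
{
    naive_steps++;
    if (*p == '\0')
        return *s == '\0';
    if (*p == '*')
        return naive_match(p + 1, s) || (*s && naive_match(p, s + 1));
    return *s && (*p == '?' || *p == *s) && naive_match(p + 1, s + 1);
}

/* Bounded matcher: remembers only the most recent '*', so the work stays
 * within roughly pattern length times name length, however many stars
 * the client sends. */
static int bounded_match(const char *p, const char *s)
{
    const char *star = NULL, *retry = NULL;
    while (*s) {
        bounded_steps++;
        if (*p == '*') { star = ++p; retry = s; }
        else if (*p == '?' || *p == *s) { p++; s++; }
        else if (star) { p = star; s = ++retry; }
        else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

int main(void)
{
    const char *pattern = "******.exe";              /* pattern from the post */
    const char *name = "quarterly-report-2004.txt";  /* constructed file name */
    int a = naive_match(pattern, name);
    int b = bounded_match(pattern, name);
    printf("naive:   match=%d steps=%lu\n", a, naive_steps);
    printf("bounded: match=%d steps=%lu\n", b, bounded_steps);
    return 0;
}
```

Both matchers return the same answer; only the step counts differ, and the naive count multiplies again for every directory entry the pattern is tested against.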