Full Disclosure mailing list archives
Re: question regarding CAN-2004-0930
From: Christian <evilninja () gmx net>
Date: Wed, 17 Nov 2004 00:13:52 +0100
Paul Schmehl wrote:
Because in the former case you were attempting to access a file through the daemon. In the latter, you were attempting to access a file through a unix utility. The former (smbd) is vulnerable. The latter (ls) apparently is not.
hm, i still don't get it: the daemon has to answer to "dir" too, doesn't he? the sole reason that "ls is a unix utility" does not make sense in this context. "ls" and "dir" are not vulnerable here, sure, but this still does not explain why smbd acts different here. i've played around with tcpdump and strace here. the tcpdump looks very similiar, the smbd's answer to "ls" is much shorter, as "strace" reveals.
so i just assume that "dir" _triggers_ the bug, while "ls" does not and since i lack C expertise (and the souce of "dir"), i'll never find out why ;)
and no, i am not digging deeper here, i was just curious. thank you (both) for comments, Christian. -- BOFH excuse #170: popper unable to process jumbo kernel _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- question regarding CAN-2004-0930 Christian Kujau (Nov 16)
- Re: question regarding CAN-2004-0930 Paul Schmehl (Nov 16)
- Re: question regarding CAN-2004-0930 Christian (Nov 16)
- Re: question regarding CAN-2004-0930 upb (Nov 16)
- Re: question regarding CAN-2004-0930 Paul Schmehl (Nov 17)
- Re: question regarding CAN-2004-0930 evil (Nov 17)
- Re: question regarding CAN-2004-0930 Christian (Nov 16)
- Re: question regarding CAN-2004-0930 Paul Schmehl (Nov 16)
- <Possible follow-ups>
- question regarding CAN-2004-0930 evilninja (Nov 16)
- RE: question regarding CAN-2004-0930 Castigliola, Angelo (Nov 16)
- Re: question regarding CAN-2004-0930 Rob klein Gunnewiek (Nov 17)
- Re: question regarding CAN-2004-0930 Christian (Nov 17)
- Re: question regarding CAN-2004-0930 Rob klein Gunnewiek (Nov 17)