[Samba 3.0.37] EnumPrinters memory corruption

[Gabriele Avosani <g.avosani () gmail com>]

Hello, i discovered a bug in EnumPrinters.
It seems that it allocates many mega of memory, corrupting memory and
taking control of a memcpy in parse_prs.c:398

It leads to memory corruption, fatal (and fast) exhaustion of resources
and, probably, remote code execution.

I attach a file that can be used as a proof of concept.


Gabriele Avosani

(looking for remote work as programmer, if in need, email me at
g.avosani () gmail com (PHP, Perl, C/C++, Java and more))

Attachment: enumprinters.tgz
Description:

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/