Full Disclosure mailing list archives
[Samba 3.0.37] EnumPrinters memory corruption
From: Gabriele Avosani <g.avosani () gmail com>
Date: Mon, 18 May 2015 17:58:37 +0200
Hello, i discovered a bug in EnumPrinters. It seems that it allocates many mega of memory, corrupting memory and taking control of a memcpy in parse_prs.c:398 It leads to memory corruption, fatal (and fast) exhaustion of resources and, probably, remote code execution. I attach a file that can be used as a proof of concept. Gabriele Avosani (looking for remote work as programmer, if in need, email me at g.avosani () gmail com (PHP, Perl, C/C++, Java and more))
Attachment:
enumprinters.tgz
Description:
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- [Samba 3.0.37] EnumPrinters memory corruption Gabriele Avosani (May 18)