Nmap Development mailing list archives
Re: New Samba remote root vuln (CVE-2012-1182) script idea
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Fri, 20 Apr 2012 14:04:41 +0200

Hi,

could you check the logs and see if the script actually crashed the machine?
Log should be called log.nmap, and should mention invalid free and crash
as opposed to simple error.

I'll set up a test and check myself.

Regards,
Aleksandar

On Fri, Apr 20, 2012 at 1:57 PM, Patrik Karlsson <patrik () cqure net> wrote:

> On Tue, Apr 17, 2012 at 10:20 PM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:
>
>> Hi all,
>>
>> I've written a detection script for this vulnerability using the method
>> I described earlier.
>> I've attached a patch for msrpc.lua to add GetAliasMembership function
>> used in the exploit.
>> If you check the source, you'll notice that I didn't do any marshalling,
>> and I'm building the packet myself. I'm not sure this is the right way
>> to use the library, so any suggestion on how to improve that part.
>> The script itself is very simple and is basically ZDI's PoC rewritten
>> into Lua.
>>
>> I've tested this on vulnerable Samba on Fedora and fully patched Ubuntu.
>>
>> I'd welcome any comments on improving this.
>> Also, feel free to change the name of the script, as I'm not sure what
>> the convention is.
>>
>> Regards,
>> Aleksandar
>
> Hi Aleksandar,
>
> I just tested the script against Samba 3.5.8 on Ubuntu 11.10 and the
> script fails to detect it as vulnerable.
> The error returned by samr_getaliasmembership is "MSRPC call returned a
> fault (packet type)".
> Updating the server to "2:3.5.11~dfsg-1ubuntu2.2" returns the same message.
> Any ideas on what's happening?
>
> //Patrik
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/