Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re[2]: Microsoft's Explorer and Internet Explorer long share name buffer overflow.

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 29 Apr 2004 14:12:34 +0400
Dear KF (lists),

--Thursday, April 29, 2004, 3:55:39 AM, you wrote to bugtraq () securityfocus com:


Kl> Thus far I have been unable to locate a good unicode return address...
Kl> but thats not to say there is not one there. =] . For those of you 
Kl> wondering smb.conf DOES allow for characters like \x90 and other things
Kl> of that nature.

It  shouldn't be hard to patch Samba to export share name as Unicode. In
this case exploitation is trivial.


Kl> enjoy.

Kl> -KF


Kl> Paul Szabo wrote:



Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is
fixed in W2kSP4; or maybe that KB article refers to a different problem: it
say the error should be "Access Violation", I got "Program Error".

Cheers,

Paul Szabo - psz () maths usyd edu au 
http://www.maths.usyd.edu.au:8000/u/psz/
School of Mathematics and Statistics  University of Sydney   2006  Australia

 



Kl> _______________________________________________
Kl> Full-Disclosure - We believe in it.
Kl> Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
~/ZARAZA
Бросьте стараться - ничего из этого не выйдет. (Твен)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: