question regarding CAN-2004-0930

[Christian Kujau <evil () g-house de>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

hi,

don't know if this is the right place to ask, but here it goes:

i was notified by one of my users (!) about the recent samba vulnerability
(CAN-2004-0930 [1]) that this is indeed easily "exploitable" by just
issuing commands with long wildcard-patterns in the filename part, just as:

<smb-share>:\> dir ******.exe

ok, my smbd went crazy and the "dir" command was waiting for the result.
but: when i mounted the smb-share under linux (mount -t smbfs ....) and
issuing

$ ls /mnt/smb-share/*******.exe

"ls" returned *instantly* with "No such file or directory" and smbd did
not go crazy. now i ask myself: how comes?

thank you for comments,
Christian.

[1] http://samba.iasi.roedu.net/samba/security/CAN-2004-0930.html
- --
BOFH excuse #120:

we just switched to FDDI.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBmgvL+A7rjkF8z0wRAjCwAJ90xxcrTOj9h0OIT5SQO+C9skSUzgCfYlK4
EqkXTwEDJHaQi6ItZShdYWI=
=xvPA
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html