Full Disclosure mailing list archives

Re: Linux Kernel CIFS Vulnerability

From: Andreas Bogk <andreas () andreas org>
Date: Fri, 10 Apr 2009 14:21:05 +0200

Marcus Meissner schrieb:

fixing a remotely exploitable buffer overflow vulnerability in the
CIFS protocol.

assuming a malicious server.


Right.  And assuming you can get the user to click on a link like

smb://naked-teenage-girls-with-horses.evilhaxxx0r.com/

Unfortunately, this is a realistic attack scenario.

Even we as Linux distributors should probably set some people up to
study the .stable releases for such things.


I think you absolutely have to, if you want to provide professional
services to customers.  As if you hadn't enough work to do already...

Andreas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Linux Kernel CIFS Vulnerability, (continued)
- - - Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Raj Mathur (Apr 09)
  - Re: Linux Kernel CIFS Vulnerability Nick Boyce (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
  - Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
    - Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
    - Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
    - Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 11)
    - Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 13)
    - Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 13)
  - Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 10)