Full Disclosure mailing list archives
Re: Linux Kernel CIFS Vulnerability
From: Andreas Bogk <andreas () andreas org>
Date: Fri, 10 Apr 2009 14:21:05 +0200
Marcus Meissner schrieb:
fixing a remotely exploitable buffer overflow vulnerability in the CIFS protocol.assuming a malicious server.
Right. And assuming you can get the user to click on a link like smb://naked-teenage-girls-with-horses.evilhaxxx0r.com/ Unfortunately, this is a realistic attack scenario.
Even we as Linux distributors should probably set some people up to study the .stable releases for such things.
I think you absolutely have to, if you want to provide professional services to customers. As if you hadn't enough work to do already... Andreas _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Linux Kernel CIFS Vulnerability, (continued)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Raj Mathur (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Nick Boyce (Apr 09)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Marcus Meissner (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)
- Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 11)
- Re: Linux Kernel CIFS Vulnerability Andreas Bogk (Apr 13)
- Re: Linux Kernel CIFS Vulnerability Eugene Teo (Apr 13)
- Re: Linux Kernel CIFS Vulnerability Thierry Zoller (Apr 10)