Nmap Development mailing list archives
Re: New Samba remote root vuln (CVE-2012-1182) script idea
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Wed, 11 Apr 2012 12:22:12 +0200
Hi All,

detecting this vulnerability should be fairly easy. Samba forks for every user, so crashing one session doesn't crash the whole server. What could be done here is:

1. Add a function to msrpc.lua to call GetAliasMembership (opnum 0x10)
2. Construct a malformed packet as in the PoC
3. Make a call
4. If the connection hangs, the server is vulnerable

I'm referring to the first PoC exploit. Since apparently that Samba code is auto-generated, there are a bunch of heap overflows fixed with this patch, but that first one (ZDI-CAN-1503 from the first set of reproducers) seems the most straightforward one.

I'm currently away for holiday (Orthodox Easter) but could work on this on Monday.

Regards,
Aleksandar

On Wed, Apr 11, 2012 at 9:02 AM, Fyodor <fyodor () insecure org> wrote:
Hi folks. If anyone is in a script-writing mood, I'm sure a detection (or even exploitation) NSE script for the new Samba bug would be welcomed by many network administrators and pen testers right about now :). Here are some details:

Announcement: https://www.samba.org/samba/security/CVE-2012-1182
Bugzilla entry, with proof of concept code: https://bugzilla.samba.org/show_bug.cgi?id=8815

I'll add this to the NSE script ideas page[1] too.

Cheers,
Fyodor

[1] https://secwiki.org/w/Nmap_Script_Ideas

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/