Vulnerability Development mailing list archives
Crashing Win9x with smbclient
From: budmeister1 () JUNO COM (Bud Meister)
Date: Mon, 13 Mar 2000 17:51:50 EST
Hi everyone, I'm an assistant in a high school computer lab with about 25 Win9x workstations and a Linux server. All the stations have a shared "My Documents" directory, so students can save their work locally and still be able to access it from other workstations. The Linux server is really only there for my own personal use, not as a student fileserver (hence the shares). After reading the thread about the 'con\con' bug, I decided to do a little experimenting. Here's what I found (displayed information is skewed): -------------------- [neo@neo ~]$ smbclient '\\station-1\my documents' Password: smb:\> ls Sarah1.doc 358739857 48574 JoePic.jpg 7634733 873 smb:\> cd con\con *disconnect* [neo@neo ~]$ -------------------- After I attempted the change directory command, Station-1 bluescreened immediately. I repeated this process on 5 other workstations, and all bluescreened; some were recoverable (but too unstable to continue without a reboot), but most had to be rebooted. This bug probably won't have any affect on our network, since we're running IP masquerading on our router and nothing can come in. The only way I've exploited it remotely is by using smbclient on a Windows machine (my Linux box is the only one in the school). As for larger effects, I couldn't say. That's why I mentioned it here :) I realize this is somewhat of an old problem, and this technique may have already been discovered, but I'm curious to see what others have to say on this topic. ----->Buddy budmeister1 () juno com http://tenbux.iwarp.com/ ________________________________________________________________ YOU'RE PAYING TOO MUCH FOR THE INTERNET! Juno now offers FREE Internet Access! Try it today - there's no risk! For your FREE software, visit: http://dl.www.juno.com/get/tagj.
Current thread:
- Crashing Win9x with smbclient Bud Meister (Mar 13)
- Intel Corporation, Express 550F Switch unlimited password attempts Knud Erik Højgaard (Feb 14)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts rpc (Mar 15)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts David Schwartz (Mar 19)
- CGI directory path NiGHTfly (Jul 07)
- Re: CGI directory path Vladimir Dubrovin (Mar 20)
- Re: CGI directory path mock () ACTIVESTATE COM (Mar 20)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts rpc (Mar 15)
- Intel Corporation, Express 550F Switch unlimited password attempts Knud Erik Højgaard (Feb 14)
- Re: Crashing Win9x with smbclient Marc (Mar 14)
- Re: Crashing Win9x with smbclient Drew (Mar 14)
- Re: Crashing Win9x with smbclient Edsel Adap (Mar 15)
- Re: Crashing Win9x with smbclient Bluefish (Mar 20)