Re: Vulnerability in Samba 2.2.10 and older



On Mon, Aug 30, 2004 at 10:21:10PM +0900, Takahiro Kambe wrote:
> > That's good news. Can you please update the entry for this vulnerability
> > in "localsrc/security/advisories/pkg-vulnerabilities"?
> I didn't think the problem was a security-related problem since it would
> crash the forked smbd for the client and it wouldn't stop service for
> other (non-Windows XP SP2) clients; the problem is Windows XP SP2
> clients only.

Are you sure that the "smbd" was already forked at that point in time?
I've read that it happens during an incomplete authentication.

> If it is worth adding as a pkg-vulnerabilities entry, what is the type
> of exploit?  (The security fix by Samba 2.2.10 is fixed by ja-samba
> 2.2.9.1.0nb1 package and it is already described in pkg-vulnerabilities.)

Yes, definitely. Even if only a forked "smbd" crashes there must have
been a buffer overflow which can be abused to execute something on
the samba server.

	Kind regards

-- 
Matthias Scheler                                  http://scheler.de/~matthias/