[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerability in Samba 2.2.10 and older

On Tue, Aug 31, 2004 at 08:44:59PM +0900, Takahiro Kambe wrote:
> > Probably not. I wasn't sure, and DoS seems like the minimum impact.
> remote-server-crash ?

That part is covered by "denial-of-service". The question is whether this
can be used to gain access. Reading the description again it doesn't
look like a buffer overflow but an uninitialized pointer problem on
the server. So it seems that "denial-of-service" is good enough.
We might even be able to remove that entry if we know for sure that
this bug doesn't crash the main Samba server process.

	Kind regards

Matthias Scheler                                  http://scheler.de/~matthias/