[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vulnerability in Samba 2.2.10 and older
On Tue, Aug 31, 2004 at 08:44:59PM +0900, Takahiro Kambe wrote:
> > Probably not. I wasn't sure, and DoS seems like the minimum impact.
> remote-server-crash ?
That part is covered by "denial-of-service". The question is whether this
can be used to gain access. Reading the description again it doesn't
look like a buffer overflow but an uninitialized pointer problem on
the server. So it seems that "denial-of-service" is good enough.
We might even be able to remove that entry if we know for sure that
this bug doesn't crash the main Samba server process.
Matthias Scheler http://scheler.de/~matthias/