[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Vulnerability in Samba 2.2.10 and older



In message <20040830133314.GB845@colwyn.zhadum.de>
	on Mon, 30 Aug 2004 15:33:14 +0200,
	Matthias Scheler <tron@NetBSD.org> wrote:
> > I didn't think the problem the security related problem since it would
> > crash forked smbd for the client and it wouldn't stop service for
> > other (none Windows XP SP2) clients; the problem is Windows XP SP2
> > clients only.
> 
> Are you sure that the "smbd" was already forked at that point of time?
> I've read that it happens during an incomplete authentification.
Maybe you are right.

> > If it is worth adding as a pkg-vulnerabilities entry, what is the type
> > of exploit?  (The security fix by Samba 2.2.10 is fixed by ja-samba
> > 2.2.9.1.0nb1 package and it is already described in pkg-vulnerabilities.)
> 
> Yes, definitely. Even if only a forked "smbd" crashes there must have
> been a buffer overflow which can be abused to execute something on
> the samba server.
Then it is denial-of-service?

-- 
Takahiro Kambe <taca@back-street.net>