[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Vulnerability in Samba 2.2.10 and older
In message <20040831122941.GA8768@colwyn.zhadum.de>
on Tue, 31 Aug 2004 14:29:41 +0200,
Matthias Scheler <tron@NetBSD.org> wrote:
> > > Probably not. I wasn't sure, and DoS seems like the minimum impact.
> > remote-server-crash ?
>
> That part is covered by "denial-of-service". The question is whether this
> can be used to gain access. Reading the description again it doesn't
> look like a buffer overflow but an uninitialized pointer problem on
> the server. So it seems that "denial-of-service" is good enough.
I see and thanks for your explanation.
> We might even be able to remove that entry if we know for sure that
> this bug doesn't crash the main Samba server process.
I don't know in detail and I don't want to read (or understand)
Samba's codes. ;-p
Best regards and good night.
--
Takahiro Kambe <taca@back-street.net>