exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

smbval.library.bof.txt

smbval.library.bof.txt
Posted Aug 17, 1999

Exploitable buffer overflows in the smbval library leave numerous systems open to local and remote attacks that can potentially result in root compromise.

tags | exploit, remote, overflow, local, root
SHA-256 | c46d2d7f82df8ad5c62ec97082f0995992637a02c840f7768a22188307e8b043

smbval.library.bof.txt

Change Mirror Download
Date: Sun, 6 Jun 1999 19:57:44 -0700
From: Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM>
To: BUGTRAQ@netspace.org
Subject: Buffer overflows in smbval library

While working on my Authen::Smb wrapper, which provides SMB authentication
to UNIX hosts via perl, I discovered that the library that it is based on,
smbvalid.a (originally written by Alexander O. Yuriev, patched by many folks
through time -- available from a number of places via http/ftp), has a
number of exploitable buffer overflows.

The username and password arrays, among others, are vulnerable to overflow.
Remotely accessible applications that rely on the smbvalid library for
authentication may be vulnerable to remote attack. At this time,
Apache::AuthenSmb, a mod_perl-based authentication module for Apache, is the
only formal application I am aware of that is vulnerable. Custom developed
applications should be examined for possible vulnerabilities.

Authen::Smb 0.9 has been released which addresses this problem and is
available via CPAN.

pam_smb, which is also built around smbvalid, does _not_ apper to be
vulnerable to attacks.

No patches are available to correct the problem in the library itself at
this time.

Thanks,
--
Patrick Michael Kane
We Also Walk Dogs
<pmk@wealsowalkdogs.com>

----------------------------------------------------------------------------

Date: Mon, 7 Jun 1999 08:44:21 -0700
From: Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: Buffer overflows in smbval library

One follow-up. I misattributed authorship of the smbval library. It was
written by Richard Sharpe, not Alexander O. Yuriev.

Thanks,
--
Patrick Michael Kane
We Also Walk Dogs
<pmk@wealsowalkdogs.com>

----------------------------------------------------------------------------

Date: Tue, 8 Jun 1999 18:23:10 +0900
From: Richard Sharpe <sharpe@NS.AUS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: Buffer overflows in smbval library

At 08:44 AM 6/7/99 -0700, Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM> wrote:
>One follow-up. I misattributed authorship of the smbval library. It was
>written by Richard Sharpe, not Alexander O. Yuriev.
>

Hmmm,

I can't remember writing smbval.

I do remember writing SMBlib, and am certain that pam_smb is based on that,
and I freely admit that it could have buffer overflows in it.

I have learned since :-)


Regards
-------
Richard Sharpe, sharpe@ns.aus.com, NS Computer Software and Services P/L,
Samba (Team member www.samba.org), Ethereal (Team member www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours
Author, First Australian Linux Course

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close