Secunia Security Advisory - Jesus Olmos Gonzalez has discovered a vulnerability in Filesys::SmbClientParser, which can be exploited by malicious people to compromise an application using the module.
b94dbcf4879de9dcc6e1a95d0219b8fbf35b6c808437463385d653c623364c8a
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Filesys::SmbClientParser Shell Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA31175
VERIFY ADVISORY:
http://secunia.com/advisories/31175/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Filesys::SmbClientParser 2.x
http://secunia.com/product/19344/
DESCRIPTION:
Jesus Olmos Gonzalez has discovered a vulnerability in
Filesys::SmbClientParser, which can be exploited by malicious people
to compromise an application using the module.
The vulnerability is caused due to the module improperly escaping
characters contained within e.g. the names of shared directories.
This can be exploited to execute arbitrary commands by tricking the
user into processing a specially crafted directory shared by a
malicious SMB server.
The vulnerability is confirmed in version 2.7. Other versions may
also be affected.
SOLUTION:
Do not connect to untrusted servers with applications using the
module.
PROVIDED AND/OR DISCOVERED BY:
Jesus Olmos Gonzalez, Internet Security Auditors
ORIGINAL ADVISORY:
http://packetstormsecurity.org/0807-exploits/smbclientparser-exec.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------