Date: Wed, 19 Mar 2003 10:08:28 +0100 From: Marton Kenyeres <mkenyeres@konvergencia.hu> To: security@freebsd.org Subject: Re: Samba vulnerability Message-ID: <200303191008.28706.mkenyeres@konvergencia.hu> In-Reply-To: <3E774C85.902@drweb.ru> References: <20030318143759.GA77729@nevermind.kiev.ua> <3E774C85.902@drweb.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday 18 March 2003 17.42, Nikolaj I. Potanin wrote: > > A flaw has been detected in the Samba main smbd code which could allow > > an external attacker to remotely and anonymously gain Super User (root) > > ^^^^^^^^^^^^^^^^^ > > Does anyone here have smbd bound to an external interface? ;-) > Although the advisory mentions external attackers, I bet this vulnerability= =20 allows malicious internal users to gain root privileges on an intranet file= =20 server. As far as I know a vast majority of attacks are attempted by=20 insiders, so I don't find this funny at all.=20 Also, form smb.conf(5): By default Samba will query the kernel for the list of all active interface= s=20 and use any interfaces except 127.0.0.1 that are broadcast capable. So it is very well possible that in fact, someone here have smbd bound to a= n=20 external interface. Anyway, I don't think that this kind of 'lamaz deserve = to=20 be r00ted' attitude is appropriate for this list. Pardon me, if I=20 misunderstood your intentions. Cheers, =2D-=20 Kenyeres M=E1rton mkenyeres@konvergencia.hu KVG:) Konvergencia Kft. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200303191008.28706.mkenyeres>