One follow-up. I misattributed authorship of the smbval library. It was written by Richard Sharpe, not Alexander O. Yuriev. Thanks, * Patrick Michael Kane (pmkat_private) [990606 19:56]: > While working on my Authen::Smb wrapper, which provides SMB authentication > to UNIX hosts via perl, I discovered that the library that it is based on, > smbvalid.a (originally written by Alexander O. Yuriev, patched by many folks > through time -- available from a number of places via http/ftp), has a > number of exploitable buffer overflows. > > The username and password arrays, among others, are vulnerable to overflow. > Remotely accessible applications that rely on the smbvalid library for > authentication may be vulnerable to remote attack. At this time, > Apache::AuthenSmb, a mod_perl-based authentication module for Apache, is the > only formal application I am aware of that is vulnerable. Custom developed > applications should be examined for possible vulnerabilities. > > Authen::Smb 0.9 has been released which addresses this problem and is > available via CPAN. > > pam_smb, which is also built around smbvalid, does _not_ apper to be > vulnerable to attacks. > > No patches are available to correct the problem in the library itself at > this time. > > Thanks, > -- > Patrick Michael Kane > We Also Walk Dogs > <pmkat_private> -- Patrick Michael Kane We Also Walk Dogs <pmkat_private>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:21 PDT