[Samba 3.0.37] EnumPrinters memory consumption

There is a bug in Samba 3.0.37 (latest) in the EnumPrinters RPC function
(anonymous access). The bug is in parse_prs.c:398: we take control of the length
and source pointer of a memcpy, leading to memory corruption, very fast
exhaustion of resources (block of computer very easy) and, probably, remote
code execution.

This is the packet code to be sent to port 445, EnumPrinters RPC function,
opcode 0x0.

Gabriele Avosani

P.S. Looking for a job as a remote programmer (short and long term). PHP, Perl,
Java, C/C++ and more (Linux and Windows), thanks in advance.

Re: [Samba 3.0.37] EnumPrinters memory consumption

samba.org says the latest version is 4.1.something.  If you think that
version is also vulnerable, you should contact the Samba team, ideally
in private.  Posting vulnerabilities to Usenet without allowing any time
for a fix to be deployed is rather irresponsible.

