[Samba 3.0.37] EnumPrinters memory consumption

There is a bug in Samba 3.0.37 (latest) in the EnumPrinters RPC function
(anonymous access). The bug is in parse_prs.c:398: we take control of the
length and source pointer of a memcpy, leading to memory corruption, very fast
exhaustion of resources (it is very easy to block the computer) and, probably,
remote code execution.

This is the packet code to be sent to port 445, EnumPrinters RPC function,
opcode 0x0.

Gabriele Avosani

P.S. Looking for a job as a remote programmer (short and long term). PHP, Perl,
Java, C/C++ and more (Linux and Windows). Thanks in advance.
