[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Links smbclient command execution

To: Ulf Harnhammar <metaur@xxxxxxxxx>, teemu.salmela@xxxxxx
Subject: Re: [Full-disclosure] Links smbclient command execution
From: Mikulas Patocka <mikulas@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 30 Nov 2006 00:02:29 +0100 (CET)

On Wed, 29 Nov 2006, Mikulas Patocka wrote:

> Hi
>
> I fixed it in Links 1.00pre19 (at> http://artax.karlin.mff.cuni.cz/~mikulas/links/download/) and Links 2.1pre25> (at http://links.twibright.com/download/) --- please check it.
>
> I changed it to refuse '"' and ';' from file path. I hope that user name and> password at smbclient command line cannot be used to execute arbitrary code,> but if you have other information, contact me.
>
> Mikulas

Hello,

links-2.1pre25 still seems vulnerable to the "smb" vulnerability.

The ChangeLog doesn't mention anything about fixing it, smb.c has
a timestamp from November 2005, and the exploit posted earlier
still works.

Regards, Ulf Härnhammar

Oops, I forgot to upload it yesterday. It's there now under namelinks-2.1pre26. If you have any other ideas how it could be broken, tellme.


Mikulas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] Links smbclient command execution
  - From: Mikulas Patocka

Prev by Date: Re: [Full-disclosure] PayPal acount removal: bug or feature?
Next by Date: Re: [Full-disclosure] Sasser
Previous by thread: Re: [Full-disclosure] Links smbclient command execution
Next by thread: [Full-disclosure] [ MDKSA-2006:207 ] - Updated bind packages fixes RSA signature verification vulnerability
Index(es):
- Date
- Thread