[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Linux Kernel CIFS Vulnerability

To: Marcus Meissner <meissner@xxxxxxx>
Subject: Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
From: Andreas Bogk <andreas@xxxxxxxxxxx>
Date: Fri, 10 Apr 2009 14:21:05 +0200

Marcus Meissner schrieb:
>> fixing a remotely exploitable buffer overflow vulnerability in the
>> CIFS protocol.
> assuming a malicious server.

Right.  And assuming you can get the user to click on a link like

smb://naked-teenage-girls-with-horses.evilhaxxx0r.com/

Unfortunately, this is a realistic attack scenario.

> Even we as Linux distributors should probably set some people up to
> study the .stable releases for such things.

I think you absolutely have to, if you want to provide professional
services to customers.  As if you hadn't enough work to do already...

Andreas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Linux Kernel CIFS Vulnerability
  - From: Andreas Bogk
- Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
  - From: Marcus Meissner

Prev by Date: Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
Next by Date: [Full-disclosure] [ GLSA 200904-12 ] Wicd: Information disclosure
Previous by thread: Re: [Full-disclosure] Linux Kernel CIFS Vulnerability
Next by thread: [Full-disclosure] OpenVAS now beyond 10000 Network Vulnerability Tests
Index(es):
- Date
- Thread