[plug] samba
Travis Read
travisr at rave.iinet.net.au
Thu Apr 19 16:59:29 WST 2001
Does anybody know of any remote exploits for samba? I read in bugtraq
there are a few local exploits, however, my gateway box only has 3
users. In /var/log/ I have this:
<snip>
-rw-r--r-- 1 root root 488 Feb 24 19:21 samba.darkstar
-rw-r--r-- 1 root root 468 Apr 18 23:28 samba.\202\312\202\202\202\210
-rw-r--r-- 1 root root 472 Apr 16 15:09 samba.\300\300\230\232\300\231
drwxr-xr-x 2 root root 4096 Apr 15 01:31 scripts/
drwxr-xr-x 3 root root 4096 Jan 29 1994 setup/
<snip>
root@darkstar:/var/log# /mnt/hdc1/bin/smbd -V
Version 2.0.7
It looks like a buffer overflow to me. Has anybody else heard of this?
In this case I took my firewall down for a few hours whilst I tested a
VPN. The hack attempt occurred during this time.
--
Kind regards,
Travis Read
iiNet Senior Support | Ph +61 8 9214 2222 Fx +61 8 9214 2211
travisr at corporate.iinet.net.au | 250 St Georges Terrace, Perth WA 6000
" there is a war going on, it's not about who has the most bullets,
it's about who controls the information " - SNEAKERS
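
An added example, not part of the original post: a check that decodes the ls octal escapes in the listing above and flags per-client log names containing unexpected bytes. It assumes the logs follow a samba.<client name> pattern and that a legitimate name uses only letters, digits, '-', '_' and '.'; the function names are illustrative.

```python
import re
import string

# Listing lines taken from the post above (ls shows non-printable bytes as \ooo).
LISTING = r"""
-rw-r--r-- 1 root root 488 Feb 24 19:21 samba.darkstar
-rw-r--r-- 1 root root 468 Apr 18 23:28 samba.\202\312\202\202\202\210
-rw-r--r-- 1 root root 472 Apr 16 15:09 samba.\300\300\230\232\300\231
drwxr-xr-x 2 root root 4096 Apr 15 01:31 scripts/
"""

PREFIX = b"samba."  # assumption: per-client logs are named samba.<client name>
# Assumption: a legitimate client name uses only these characters.
ALLOWED = set((string.ascii_letters + string.digits + "-_.").encode())
OCTAL = re.compile(rb"\\([0-7]{3})")


def decode_ls_name(field: str) -> bytes:
    """Turn ls-style \\ooo escapes back into the raw bytes of the filename."""
    raw = field.encode("latin-1")
    return OCTAL.sub(lambda m: bytes([int(m.group(1), 8)]), raw)


def suspicious_logs(listing: str):
    """Return (raw_name, bad_bytes) for log names with unexpected bytes."""
    hits = []
    for line in listing.splitlines():
        parts = line.split(None, 8)  # 8 metadata columns, then the name
        if len(parts) < 9 or not line.startswith("-"):
            continue  # skip blank lines, directories and short lines
        name = decode_ls_name(parts[8])
        if not name.startswith(PREFIX):
            continue
        bad = bytes(b for b in name[len(PREFIX):] if b not in ALLOWED)
        if bad:
            hits.append((name, bad))
    return hits


if __name__ == "__main__":
    for name, bad in suspicious_logs(LISTING):
        print(f"{name!r}: {len(bad)} unexpected byte(s): {bad.hex()}")
```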