[plug] samba

Travis Read travisr at rave.iinet.net.au
Thu Apr 19 16:59:29 WST 2001


Does anybody know of any remote exploits for samba? I read in bugtraq
there are a few local exploits, however, my gateway box only has 3
users. In /var/log/ I have this:
<snip>
-rw-r--r--   1 root     root          488 Feb 24 19:21 samba.darkstar
-rw-r--r--   1 root     root          468 Apr 18 23:28 samba.\202\312\202\202\202\210
-rw-r--r--   1 root     root          472 Apr 16 15:09 samba.\300\300\230\232\300\231
drwxr-xr-x   2 root     root         4096 Apr 15 01:31 scripts/
drwxr-xr-x   3 root     root         4096 Jan 29  1994 setup/
<snip>

root@darkstar:/var/log# /mnt/hdc1/bin/smbd -V
Version 2.0.7

It looks like a buffer overflow to me. Has anybody else heard of this?

In this case I took my firewall down for a few hours whilst I tested a
VPN. The hack attempt occurred during this time.

-- 
Kind regards,

Travis Read

iiNet Senior Support            | Ph +61 8 9214 2222 Fx +61 8 9214 2211
travisr at corporate.iinet.net.au  | 250 St Georges Terrace, Perth WA 6000

" there is a war going on, it's not about who has the most bullets,
         it's about who controls the information " - SNEAKERS



