
[Samba 3.0.37] EnumPrinters memory corruption

2015-05-18 20:05
Hello, I discovered a bug in EnumPrinters.
It seems that it allocates many megabytes of memory, corrupting memory and
taking control of a memcpy in parse_prs.c:398

It leads to memory corruption, fatal (and fast) exhaustion of resources
and, probably, remote code execution.

I attach a file that can be used as a proof of concept.


Gabriele Avosani

(looking for remote work as programmer, if in need, email me at
g.avosani () gmail com (PHP, Perl, C/C++, Java and more))

Attachment: enumprinters.tgz



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/


Source: seclists.org/fulldisclosure/2015/May/73
