HackDig : Dig high-quality web security articles

[Samba 3.0.37] EnumPrinters memory corruption

2015-05-18 20:05
Hello, i discovered a bug in EnumPrinters.
It seems that it allocates many mega of memory, corrupting memory and
taking control of a memcpy in parse_prs.c:398

It leads to memory corruption, fatal (and fast) exhaustion of resources
and, probably, remote code execution.

I attach a file that can be used as a proof of concept.

Gabriele Avosani

(looking for remote work as programmer, if in need, email me at
g.avosani () gmail com (PHP, Perl, C/C++, Java and more))


Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 37/yaM/5102/erusolcsidlluf/gro.stsilces

Read:5887 | Comments:0 | Tags:No Tag

“[Samba 3.0.37] EnumPrinters memory corruption”0 Comments

Submit A Comment



Blog :

Verification Code: