Re: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-17 Thread Christian
Rob klein Gunnewiek wrote: Not completely so. Issuing the command using the client causes that the wildcards are sent to the server where globbing is handled.. there's also where the error occurs. When you mount it first and you do the 'ls' command, your local BASH (not 'ls') handles the globbing

Re: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-17 Thread Paul Schmehl
--On Wednesday, November 17, 2004 12:13:52 AM +0100 Christian [EMAIL PROTECTED] wrote: hm, i still don't get it: the daemon has to answer to dir too, doesn't he? the sole reason that ls is a unix utility does not make sense in this context. ls and dir are not vulnerable here, sure, but this still

Re: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-17 Thread evil
On Wed, 17 Nov 2004 17:49:12 -0600, Paul Schmehl wrote When you do an ls, you are making a call that the *os* has to respond to. The os is *not* vulnerable, so it (properly) rejects the request as malformed. i think i get it now. as someone else explained is wildcard expansion also an issue

[Full-Disclosure] question regarding CAN-2004-0930

2004-11-16 Thread evilninja
hi, don't know if this is the right place to ask, but here it goes: i was notified by one of my users (!) about the recent samba vulnerability (CAN-2004-0930 [1]) that this is indeed easily exploitable by just issuing commands with long

RE: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-16 Thread Castigliola, Angelo
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of evilninja Sent: Tuesday, November 16, 2004 9:17 AM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: [Full-Disclosure] question regarding CAN-2004-0930 hi, don't know

Re: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-16 Thread Paul Schmehl
--On Tuesday, November 16, 2004 03:16:44 PM +0100 Christian Kujau [EMAIL PROTECTED] wrote: ls returned *instantly* with No such file or directory and smbd did not go crazy. now i ask myself: how comes? Because in the former case you were attempting to access a file through the daemon. In the

Re: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-16 Thread Christian
Paul Schmehl wrote: Because in the former case you were attempting to access a file through the daemon. In the latter, you were attempting to access a file through a unix utility. The former (smbd) is vulnerable. The latter (ls) apparently is not. hm, i still don't get it: the daemon has to

Re: [Full-Disclosure] question regarding CAN-2004-0930

2004-11-16 Thread upb
Blah, the difference is that the linux shell does * expansion i think. hm, i still don't get it: the daemon has to answer to dir too, doesn't he? the sole reason that ls is a unix utility does not make sense in this context.