Rob klein Gunnewiek wrote:
Not completely so. Issuing the command using the client causes that
the wildcards are sent to the server where globbing is handled.
There's also where the error occurs. When you mount it first and you
do the 'ls' command, your local BASH (not 'ls') handles the globbing
--On Wednesday, November 17, 2004 12:13:52 AM +0100 Christian
[EMAIL PROTECTED] wrote:
hm, i still don't get it: the daemon has to answer to dir too, doesn't
he? the sole reason that ls is a unix utility does not make sense in
this context. ls and dir are not vulnerable here, sure, but this still
On Wed, 17 Nov 2004 17:49:12 -0600, Paul Schmehl wrote
When you do an ls, you are making a call that the *os* has
to respond to. The os is *not* vulnerable, so it (properly)
rejects the request as malformed.
i think i get it now. as someone else explained is wildcard expansion
also an issue
hi,
don't know if this is the right place to ask, but here it goes:
i was notified by one of my users (!) about the recent samba vulnerability
(CAN-2004-0930 [1]) that this is indeed easily exploitable by just
issuing commands with long
-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of evilninja
Sent: Tuesday, November 16, 2004 9:17 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Full-Disclosure] question regarding CAN-2004-0930
hi,
don't know
--On Tuesday, November 16, 2004 03:16:44 PM +0100 Christian Kujau
[EMAIL PROTECTED] wrote:
ls returned *instantly* with No such file or directory and smbd did
not go crazy. now i ask myself: how comes?
Because in the former case you were attempting to access a file through the
daemon. In the
Paul Schmehl wrote:
Because in the former case you were attempting to access a file through
the daemon. In the latter, you were attempting to access a file through
a unix utility. The former (smbd) is vulnerable. The latter (ls)
apparently is not.
hm, i still don't get it: the daemon has to
Blah, the difference is that the linux shell does * expansion i think.
hm, i still don't get it: the daemon has to answer to dir too, doesn't
he? the sole reason that ls is a unix utility does not make sense in
this context.
___
Full-Disclosure - We