On Wed, 30 Jun 1999, David O'Brien wrote: > On Tue, Jun 29, 1999 at 06:54:06PM -0400, Bill Fumerola wrote: > > Unless there is strong feelings against it, I'd like to commit the smb > > patches (as seen on www.samba.org) > > Cool! I've been meaning to do this for quite some time. HOWEVER, please > reference this PGP signed email (I'll send you the full copy) in the > commit message:
Excellent. > Note that the Tcpdump patches from www.samba.org are under the GPL. > Andrew Tridgell also warned: > > I should warn you though that there are some security issues with my > tcpdump-smb patches. It is possible for a malicious user to put > packets on the wire that will cause a buffer overflow in the SMB > parser in that code. That could lead to a root exploit. > > I just haven't got around to fixing it yet. Hmmm.. but a non-superuser never sees any of those malicious packets, and the program is not installed suid, so how would that happen? - bill fumerola - bi...@chc-chimes.com - BF1560 - computer horizons corp - - ph:(800) 252-2421 - bfume...@computerhorizons.com - bi...@freebsd.org - To Unsubscribe: send mail to majord...@freebsd.org with "unsubscribe freebsd-hackers" in the body of the message
