Green, Paul [mailto:[EMAIL PROTECTED] wrote:
> The 2.2.8 release notes say:
>
> > A buffer overrun condition exists in the SMB/CIFS packet fragment
> > re-assembly code in smbd which would allow an attacker to cause smbd
> > to overwrite arbitrary areas of memory in its own process address
> > space. This could allow a skilled attacker to inject binary specific
> > exploit code into smbd.

I have written a short test case (available upon request) to confirm that Stratus VOS, when running on the HP PA-RISC hardware, is not susceptible to such an attack. While such an attack can indeed be used to insert code onto the VOS stack, as soon as the processor attempts to begin executing the code it will take a no-execute permission fault or an invalid-page fault. Therefore, the last sentence of this warning in the 2.2.8 release notes about "inject[ing] binary specific exploit code into smbd" does not apply to VOS on HP PA-RISC.

As other experts have noted, there are probably other OS/Hardware combinations that are also immune to this attack. I hope other maintainers will post such information so that we can have a public record, and not needlessly scare our customers.

Thanks
PG
--
Paul Green, Senior Technical Consultant, Stratus Technologies, Maynard, MA USA
Voice: +1 978-461-7557; FAX: +1 978-461-3610
Speaking from Stratus not for Stratus
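
For maintainers who want to record the same property for another platform, here is an added example (not part of the original message and not the test case it mentions) that reports whether a process's stack mapping carries execute permission. It goes beyond VOS and assumes a Linux-style `/proc/<pid>/maps` listing; the function name `stack_is_executable` and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample lines in /proc/<pid>/maps format (not from a real host). */
const char SAMPLE_NX[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/sbin/smbd\n"
    "7ffc1a2b0000-7ffc1a2d1000 rw-p 00000000 00:00 0 [stack]\n";
const char SAMPLE_EXEC[] =
    "00400000-00452000 r-xp 00000000 08:02 173521 /usr/sbin/smbd\n"
    "7ffc1a2b0000-7ffc1a2d1000 rwxp 00000000 00:00 0 [stack]\n";

/* Hypothetical helper: 1 if the [stack] mapping is executable, 0 if it is
 * no-execute, -1 if no well-formed [stack] line is present. */
int stack_is_executable(const char *maps_text)
{
    const char *line = maps_text;
    while (line && *line) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        if (len < sizeof buf) {
            char perms[5], path[256] = "";
            memcpy(buf, line, len);
            buf[len] = '\0';
            /* Fields: range perms offset dev inode [path] */
            if (sscanf(buf, "%*s %4s %*s %*s %*s %255s", perms, path) >= 1 &&
                strcmp(path, "[stack]") == 0)
                return strlen(perms) == 4 ? perms[2] == 'x' : -1;
        }
        line = eol ? eol + 1 : NULL;
    }
    return -1;
}

int main(void)
{
    static char maps[1 << 16];
    FILE *f = fopen("/proc/self/maps", "r");
    if (!f) { perror("/proc/self/maps"); return 2; }
    size_t n = fread(maps, 1, sizeof maps - 1, f);
    fclose(f);
    maps[n] = '\0';
    int r = stack_is_executable(maps);
    printf("stack: %s\n", r == 1 ? "EXECUTABLE" : r == 0 ? "no-execute" : "not found");
    return r == 0 ? 0 : 1;
}
```

A no-execute result only describes the page permissions of the stack; it says nothing about whether the overrun itself can still corrupt memory or crash the process.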