[10736] in bugtraq
Buffer overflows in smbval library
daemon@ATHENA.MIT.EDU (Patrick Michael Kane)
Mon Jun 7 13:57:28 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990606195744.A4057@wealsowalkdogs.com>
Date: Sun, 6 Jun 1999 19:57:44 -0700
Reply-To: Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM>
From: Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM>
To: BUGTRAQ@NETSPACE.ORG
While working on my Authen::Smb wrapper, which provides SMB authentication
to UNIX hosts via perl, I discovered that the library that it is based on,
smbvalid.a (originally written by Alexander O. Yuriev, patched by many folks
through time -- available from a number of places via http/ftp), has a
number of exploitable buffer overflows.
The username and password arrays, among others, are vulnerable to overflow.
Remotely accessible applications that rely on the smbvalid library for
authentication may be vulnerable to remote attack. At this time,
Apache::AuthenSmb, a mod_perl-based authentication module for Apache, is the
only formal application I am aware of that is vulnerable. Custom developed
applications should be examined for possible vulnerabilities.
Authen::Smb 0.9 has been released which addresses this problem and is
available via CPAN.
pam_smb, which is also built around smbvalid, does _not_ apper to be
vulnerable to attacks.
No patches are available to correct the problem in the library itself at
this time.
Thanks,
--
Patrick Michael Kane
We Also Walk Dogs
<pmk@wealsowalkdogs.com>
