[10739] in bugtraq
Re: Buffer overflows in smbval library
daemon@ATHENA.MIT.EDU (Patrick Michael Kane)
Mon Jun 7 13:57:34 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19990607084421.A9224@wealsowalkdogs.com>
Date: Mon, 7 Jun 1999 08:44:21 -0700
Reply-To: Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM>
From: Patrick Michael Kane <pmk@WEALSOWALKDOGS.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <19990606195744.A4057@wealsowalkdogs.com>; from Patrick Michael
Kane on Sun, Jun 06, 1999 at 07:57:44PM -0700
One follow-up. I misattributed authorship of the smbval library. It was
written by Richard Sharpe, not Alexander O. Yuriev.
Thanks,
* Patrick Michael Kane (pmk@wealsowalkdogs.com) [990606 19:56]:
> While working on my Authen::Smb wrapper, which provides SMB authentication
> to UNIX hosts via perl, I discovered that the library that it is based on,
> smbvalid.a (originally written by Alexander O. Yuriev, patched by many folks
> through time -- available from a number of places via http/ftp), has a
> number of exploitable buffer overflows.
>
> The username and password arrays, among others, are vulnerable to overflow.
> Remotely accessible applications that rely on the smbvalid library for
> authentication may be vulnerable to remote attack. At this time,
> Apache::AuthenSmb, a mod_perl-based authentication module for Apache, is the
> only formal application I am aware of that is vulnerable. Custom developed
> applications should be examined for possible vulnerabilities.
>
> Authen::Smb 0.9 has been released which addresses this problem and is
> available via CPAN.
>
> pam_smb, which is also built around smbvalid, does _not_ appear to be
> vulnerable to attacks.
>
> No patches are available to correct the problem in the library itself at
> this time.
>
> Thanks,
> --
> Patrick Michael Kane
> We Also Walk Dogs
> <pmk@wealsowalkdogs.com>
--
Patrick Michael Kane
We Also Walk Dogs
<pmk@wealsowalkdogs.com>