[34710] in bugtraq
Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow.
daemon@ATHENA.MIT.EDU (3APA3A)
Thu Apr 29 14:35:19 2004
Date: Thu, 29 Apr 2004 14:12:34 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Message-ID: <917681160.20040429141234@SECURITY.NNOV.RU>
To: "KF (lists)" <kf_lists@secnetops.com>
Cc: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com
In-Reply-To: <4090447B.8000506@secnetops.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=Windows-1251
Content-Transfer-Encoding: 8bit
Dear KF (lists),
--Thursday, April 29, 2004, 3:55:39 AM, you wrote to bugtraq@securityfocus.com:
Kl> Thus far I have been unable to locate a good unicode return address...
Kl> but thats not to say there is not one there. =] . For those of you
Kl> wondering smb.conf DOES allow for characters like \x90 and other things
Kl> of that nature.
It shouldn't be hard to patch Samba to export share name as Unicode. In
this case exploitation is trivial.
Kl> enjoy.
Kl> -KF
Kl> Paul Szabo wrote:
>>
>>Anyway, http://support.microsoft.com/?kbid=322857 lies when it says this is
>>fixed in W2kSP4; or maybe that KB article refers to a different problem: it
>>say the error should be "Access Violation", I got "Program Error".
>>
>>Cheers,
>>
>>Paul Szabo - psz@maths.usyd.edu.au
>>http://www.maths.usyd.edu.au:8000/u/psz/
>>School of Mathematics and Statistics University of Sydney 2006 Australia
>>
>>
>>
Kl> _______________________________________________
Kl> Full-Disclosure - We believe in it.
Kl> Charter: http://lists.netsys.com/full-disclosure-charter.html
--
~/ZARAZA
Бросьте стараться - ничего из этого не выйдет. (Твен)
