Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: question regarding CAN-2004-0930
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 16 Nov 2004 12:16:23 -0600

--On Tuesday, November 16, 2004 03:16:44 PM +0100 Christian Kujau <evil () g-house de> wrote:

"ls" returned *instantly* with "No such file or directory" and smbd did
not go crazy. now i ask myself: how comes?

Because in the former case you were attempting to access a file through the daemon. In the latter, you were attempting to access a file through a unix utility. The former (smbd) is vulnerable. The latter (ls) apparently is not.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]