mailing list archives
Re: question regarding CAN-2004-0930
From: Paul Schmehl <pauls () utdallas edu>
Date: Tue, 16 Nov 2004 12:16:23 -0600
--On Tuesday, November 16, 2004 03:16:44 PM +0100 Christian Kujau
<evil () g-house de> wrote:
Because in the former case you were attempting to access a file through the
daemon. In the latter, you were attempting to access a file through a unix
utility. The former (smbd) is vulnerable. The latter (ls) apparently is
"ls" returned *instantly* with "No such file or directory" and smbd did
not go crazy. now i ask myself: how comes?
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.