Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: question regarding CAN-2004-0930
From: "evil" <evilninja () gmx net>
Date: Thu, 18 Nov 2004 01:12:57 +0100

On Wed, 17 Nov 2004 17:49:12 -0600, Paul Schmehl wrote

When you do an "ls", you are making a call that the *os* has 
to respond to. The os is *not* vulnerable, so it (properly)
rejects the request as malformed.

i think i get it now. as someone else explained is "wildcard expansion"
also an issue here. so the (linux) os responds, before the smbd could
even notice the call.

Hopefully that makes more sense to you.

yes, thank you.

BOFH excuse #433:

error: one bad user found in front of screen

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]