27 matches found
curl: SMB READ_ANDX DataOffset not validated
Summary: in smb_request_state(), case SMB_DOWNLOAD, curl reads two server-controlled fields from a READ_ANDX response and uses them to decide where in the receive buffer file data starts. lib/smb.c: len = Curl_read16_le((const unsigned char *)msg + sizeof(struct smb_header) + 11); off = Curl_read16_le((const...
curl: Heap Buffer Over-Read via Malicious SMB Server READ_ANDX Response
DESCRIPTION: Summary: I discovered a heap buffer over-read vulnerability in libcurl's SMB protocol implementation. A malicious SMB serv...
SUSE CVE-2010-1642
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request...
SUSE CVE-2012-0870
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX)...
Samba < 3.4.0 Remote Code Execution Vulnerability (CVE-2012-0870)
Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program ...
SMB Tree Connect AndX Detection
Binary data 700003.prm...
openSUSE Security Update : samba (openSUSE-SU-2012:0507-1)
" - Add the ldapsmb sources as else patches against them have no chance to apply. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code execution as the 'root' user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; bso8815...
SuSE 11.2 Security Update : Samba (SAT Patch Number 6145)
"The following issues have been fixed in Samba : - PIDL based autogenerated code uses client supplied size values which allows attackers to write beyond the allocated array size. CVE-2012-1182 - Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions. CVE-2012-0870 - Fix...
Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...
Samba 'AndX' Request Heap-Based Buffer Overflow
Binary data sambaandxheapoverflow.nbin...
Samba 'AndX' Request Heap Buffer Overflow Vulnerability (CVE-2012-0870)
No description provided by source...
samba: Any Batched ("AndX") request processing infinite recursion and heap-based buffer overflow
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX)...
Remote code execution vulnerability in smbd
Description Samba versions up to 3.4.0 do not ensure that AndX offsets of the smb daemon smbd are increasing strictly monotonically. Therefore a remote code execution vulnerability exists in the smbd service. A remote attacker could use the vulnerability to launch an exploit over a network...
Null pointer dereference
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request wit...
CVE-2010-1635
The chain_reply function in process.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) via a Negotiate Protocol request with a certain 0x0003 field value followed by a Session Setup AndX request wit...
CVE-2010-1642
The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in Samba before 3.4.8 and 3.5.x before 3.5.2 allows remote attackers to trigger an out-of-bounds read, and cause a denial of service (process crash), via a \xff\xff security blob length in a Session Setup AndX request...
SMB AndX File Handle Detection (server)
Binary data 5054.prm...