On Wed, 30 Jun 1999, David O'Brien wrote:
> On Tue, Jun 29, 1999 at 06:54:06PM -0400, Bill Fumerola wrote:
> > Unless there is strong feelings against it, I'd like to commit the smb
> > patches (as seen on www.samba.org)
>
> Cool! I've been meaning to do this for quite some time. HOWEVER, please
> reference this PGP signed email (I'll send you the full copy) in the
> commit message:
Excellent.
> Note that the Tcpdump patches from www.samba.org are under the GPL.
> Andrew Tridgell also warned:
>
> I should warn you though that there are some security issues with my
> tcpdump-smb patches. It is possible for a malicious user to put
> packets on the wire that will cause a buffer overflow in the SMB
> parser in that code. That could lead to a root exploit.
>
> I just haven't got around to fixing it yet.
Hmmm.. but a non-superuser never sees any of those malicious packets, and
the program is not installed suid, so how would that happen?
- bill fumerola - [EMAIL PROTECTED] - BF1560 - computer horizons corp -
- ph:(800) 252-2421 - [EMAIL PROTECTED] - [EMAIL PROTECTED] -
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
