The reason is that when you run the "dir" command Samba does the processing and chokes. When you try the latter command "ls" Linux\Unix processes the command and has no problems.
Angelo Castigliola III
Enterprise Security Architecture
UnumProvident
Telephone: 207-575-3820

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of evilninja
Sent: Tuesday, November 16, 2004 9:17 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: [Full-Disclosure] question regarding CAN-2004-0930

hi,

don't know if this is the right place to ask, but here it goes:

i was notified by one of my users (!) about the recent samba vulnerability (CAN-2004-0930 [1]) that this is indeed easily "exploitable" by just issuing commands with long wildcard-patterns in the filename part, just as:

    <smb-share>:\> dir ******.exe

ok, my smbd went crazy and the "dir" command was waiting for the result.

but: when i mounted the smb-share under linux (mount -t smbfs ....) and issuing

    $ ls /mnt/smb-share/*******.exe

"ls" returned *instantly* with "No such file or directory" and smbd did not go crazy.

now i ask myself: how comes?

thank you for comments,
Christian.

[1] http://samba.iasi.roedu.net/samba/security/CAN-2004-0930.html

--
BOFH excuse #120: we just switched to FDDI.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
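
Added example, not part of either message and not Samba's code: a simplified `*`/`?` matcher written two ways, showing why a run of `*` is costly for whichever side evaluates the pattern with naive recursion, and how an iterative matcher bounds that cost. The function names, the non-matching file name and the step counters are constructed for illustration.

```c
#include <stdio.h>

/* Constructed inputs: the pattern from the thread and a made-up non-matching name. */
static const char *PATTERN = "******.exe";
static const char *NAME = "aaaaaaaaaaaaaaaaaaaa.txt";

/* Naive recursion: every '*' retries the rest of the pattern at every offset,
   so consecutive stars multiply the work. *steps counts calls. */
int naive_match(const char *p, const char *s, unsigned long *steps) {
    (*steps)++;
    if (*p == '\0') return *s == '\0';
    if (*p == '*') {
        for (const char *t = s; ; t++) {
            if (naive_match(p + 1, t, steps)) return 1;
            if (*t == '\0') return 0;
        }
    }
    if (*s == '\0') return 0;
    if (*p == '?' || *p == *s) return naive_match(p + 1, s + 1, steps);
    return 0;
}

/* Iterative matcher: remembers only the most recent '*', so a run of stars
   adds one step per star instead of multiplying. *steps counts iterations. */
int iter_match(const char *p, const char *s, unsigned long *steps) {
    const char *star = NULL, *mark = NULL;
    while (*s) {
        (*steps)++;
        if (*p == '*') { star = p++; mark = s; }
        else if (*p == '?' || *p == *s) { p++; s++; }
        else if (star) { p = star + 1; s = ++mark; }
        else return 0;
    }
    while (*p == '*') p++;
    return *p == '\0';
}

/* Cost of one match attempt with the given matcher. */
unsigned long cost(int (*fn)(const char *, const char *, unsigned long *),
                   const char *p, const char *s) {
    unsigned long steps = 0;
    fn(p, s, &steps);
    return steps;
}

int main(void) {
    printf("naive:     %lu steps\n", cost(naive_match, PATTERN, NAME));
    printf("iterative: %lu steps\n", cost(iter_match, PATTERN, NAME));
    return 0;
}
```

Both matchers return the same answer; only the work done on a non-matching name differs, and that work is paid once per directory entry by the side that evaluates the pattern.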
