Some time ago one of my customer's computers was compromised by outside attackers, and though we were able to clean it up I never learned how. A few weeks back, my own office machine was hacked and the signs were similar; but this time I found an exploit program named "kulak" in my /tmp directory. Evidently (according to the source, which the attacker left behind also) kulak exploits a buffer overflow in Samba 2.2.8 to get a root shell. I searched Google to no avail for this exploit; so I am asking here. Is this bug fixed in later versions? Has anyone even heard of this? -- Chris.
On Wed, 11 Jun 2003, Chris Gonnerman wrote:> Some time ago one of my customer's computers was compromised by outside > attackers, and though we were able to clean it up I never learned how. > A few weeks back, my own office machine was hacked and the signs were > similar; but this time I found an exploit program named "kulak" in my > /tmp directory. > > Evidently (according to the source, which the attacker left behind also) > kulak exploits a buffer overflow in Samba 2.2.8 to get a root shell. I > searched Google to no avail for this exploit; so I am asking here. Is > this bug fixed in later versions? Has anyone even heard of this?Fixed in 2.2.8a. - John T. -- John H Terpstra Email: jht@samba.org
John H Terpstra wrote:>On Wed, 11 Jun 2003, Chris Gonnerman wrote: > > >>Evidently (according to the source, which the attacker left behind also) >>kulak exploits a buffer overflow in Samba 2.2.8 to get a root shell. I >>searched Google to no avail for this exploit; so I am asking here. Is >>this bug fixed in later versions? Has anyone even heard of this? >> >Fixed in 2.2.8a. > >Thanks for the assist! -- Chris.