Gabriele Avosani
2015-May-18 18:40 UTC
[Samba] [Samba 3.0.37] EnumPrinters memory consumption
Hello, I discovered a bug in EnumPrinters.
It seems that it allocates many mega of memory, corrupting memory and taking control of a memcpy in parse_prs.c:398.

It leads to memory corruption, fatal (and fast) exhaustion of resources and, probably, remote code execution.

I attach a file that can be used as a proof of concept.

Gabriele Avosani

(looking for remote work as programmer, if in need, email me at g.avosani at gmail.com (PHP, Perl, C/C++, Java and more))
Rowland Penny
2015-May-18 18:52 UTC
[Samba] [Samba 3.0.37] EnumPrinters memory consumption
On 18/05/15 19:40, Gabriele Avosani wrote:
> Hello, I discovered a bug in EnumPrinters.
> It seems that it allocates many mega of memory, corrupting memory and
> taking control of a memcpy in parse_prs.c:398.
>
> It leads to memory corruption, fatal (and fast) exhaustion of resources
> and, probably, remote code execution.
>
> I attach a file that can be used as a proof of concept.
>
> Gabriele Avosani
>
> (looking for remote work as programmer, if in need, email me at
> g.avosani at gmail.com (PHP, Perl, C/C++, Java and more))

I do not think you will get this fixed, 3.0.x went EOL at the end of 2009. If you are still using 3.0.37, can I suggest that you upgrade to a later maintained release.

Rowland