lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 04 Feb 2004 07:30:40 +1300 From: Steve Wray <steve.wray@...adise.net.nz> To: "'Daniel Kabs [ML]'" <dkabs@...otix.com>, bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: RE: smbmount disrupts Windows file sharing. Has anyone tried to replicate this from Windows? (ie create a windows batch file which does the same thing)? Or is the windows batch file language too restricted to allow this sort of script? Forgive my windows ignorance... > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > Daniel Kabs [ML] > Sent: Tuesday, 3 February 2004 4:41 > To: bugtraq@...urityfocus.com; full-disclosure@...ts.netsys.com > Subject: [Full-Disclosure] smbmount disrupts Windows file sharing. > > > Announced: 2004-02-02 > Type: Denial of Service Attack on Windows > Impact: smbmount can stop Windows from sharing files > Writer: Daniel Kabs, Germany (daniel.kabs@....de) > Credits: Thanks to Steve Ladjabi (steve.ladjabi@....de) > > Contents: > 1. Abstract > 2. Affected Systems > 3. Attack Setup > 4. Symptoms > 5. Workaround > > > 1. Abstract > > A security vulnerability of "Windows XP" and "Windows 2003 > Server" has been found. Theses systems are open to a denial > of service attack. If they share folders to a Unix client > that is using smbmount (part of the Samba suite), any user > on the client who has permissions to create directories on > the mounted share can stop the Windows system from serving > files. The attack induces a memory shortage on the Windows > system by creating directories in a special way. [snip] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists