security concerns

Luke Kenneth Casson Leighton lkcl at switchboard.net
Mon Dec 22 17:45:18 GMT 1997 

On Tue, 23 Dec 1997, Matthew Smith wrote:

> Hello.
> 
> I would like to share a file system from a Sun box running Solaris 2.5.1 to
> windows clients over the Internet.

is that definitely "clients" on the windows side?  is it definitely
"server" on the sun?

>  Can someone tell me what security
> issues I should be aware of?

yes, i can.

>  I have heard mention of winnuke and jolt
> crashing Windows machines running Samba.

samba doesn't run on windows.

>  Are there vulnerabilities in
> Samba that can be exploited on Solaris?

mmm.... there was a buffer overflow issue in pre-1.9.17p2, which could
result on, for example linux x86 boxes, in the client being able to
specify the length of the buffer and the contents of the buffer.  if you
knew the size of the target memory area (local to the function call) which
was being used to copy this buffer into, then you could send data that
over-ran the buffer, rewrote the return address of the function call such
that it jumped into the code just copied into the temporary buffer.


what we do now is to use pstrcpy and fstrcpy for the fixed-size temporary
buffers, which print out warning messages in the log files.  the
particularly vulnerable ones which was the example published on the
internet is (were) the SMBsesssetupX and SMBtconX, for which samba now
puts out a _big_ message saying "someone's attacking your computer by
sending a password of greater than 24 characters!".


so, it depends on your architecture as to whether it is vulnerable.  the
sparc processors use a "register window" stack for local parameters, local
variables and function calls, which is separate from heap memory, if i
recall correctly my lectures on their design, in 1990.

so the sparc processor is unlikely to be affected in exactly this way. 
but don't take my word for it: i'm not an expert on security, just a
creative software architect. 

best regards,

luke (samba team)

<a href="mailto:lkcl at switchboard.net"  > Luke Kenneth Casson Leighton  </a>
<a href="http://mailhost.cb1.com/~lkcl"> Samba Consultancy and Support </a>

More information about the samba mailing list