[Samba] Kulak exploit

John H Terpstra jht at samba.org
Wed Jun 11 16:19:04 GMT 2003

On Wed, 11 Jun 2003, Chris Gonnerman wrote:

> Some time ago one of my customer's computers was compromised by outside
> attackers, and though we were able to clean it up I never learned how.
> A few weeks back, my own office machine was hacked and the signs were
> similar; but this time I found an exploit program named "kulak" in my
> /tmp directory.
> Evidently (according to the source, which the attacker left behind also)
> kulak exploits a buffer overflow in Samba 2.2.8 to get a root shell.  I
> searched Google to no avail for this exploit; so I am asking here.  Is
> this bug fixed in later versions?  Has anyone even heard of this?

Fixed in 2.2.8a.

- John T.

John H Terpstra
Email: jht at samba.org

More information about the samba mailing list