[Samba] CVE-2008-1105 - clarification request
gustavo at angulosolido.pt
Fri Jun 6 19:49:36 GMT 2008
On Friday 06 June 2008 20:41, Gerald (Jerry) Carter wrote:
> Gustavo Homem wrote:
> > On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote:
> >> Gustavo Homem wrote:
> >>> Hi,
> >>> The announcement states:
> >>> "Secunia Research reported a vulnerability that allows for
> >>> the execution of arbitrary code in smbd"
> >>> Does this means arbitrary code executed "as root" ou as the user that
> >>> is authenticaded after smdb drops privilegies?
> >> Potentially either. smbd never drops privileges and can always
> >> re-become root.
> > Are you sure about this?
> > â”œâ”€smbdâ”€â”¬â”€2*[smbd]
> > â”‚ â”œâ”€smbd(gustavo)
> > â”‚ â””â”€smbd(asdrubal)
> > From pstree I allways see an smbd process for each user mount.
> Yeah. I'm sure. :-) We change to the effective id of the
> user to perform certain operations. And then changes back
> to root when done (with some optimizations to minimize the
> number of security context switches).
Understood. Thanks for the explanation.
> > What I want to know is if the vulnerable call is run as the local user or
> > root.
> Potentially either. Treat this as a potential remote root
> code execution although I've only seen PoC code for clients.
?? Does this vulnerability also affect the samba clients if connecting to an
Angulo Sólido - Tecnologias de Informação
More information about the samba