[Samba] CVE-2008-1105 - clarification request
Gustavo Homem
gustavo at angulosolido.pt
Fri Jun 6 19:49:36 GMT 2008
On Friday 06 June 2008 20:41, Gerald (Jerry) Carter wrote:
> Gustavo Homem wrote:
> > On Friday 06 June 2008 19:49, Gerald (Jerry) Carter wrote:
> >> Gustavo Homem wrote:
> >>> Hi,
> >>>
> >>> The announcement states:
> >>>
> >>> "Secunia Research reported a vulnerability that allows for
> >>> the execution of arbitrary code in smbd"
> >>>
> >>> Does this means arbitrary code executed "as root" ou as the user that
> >>> is authenticaded after smdb drops privilegies?
> >>
> >> Potentially either. smbd never drops privileges and can always
> >> re-become root.
> >
> > Are you sure about this?
> >
> > ├─smbd─┬─2*[smbd]
> > │ ├─smbd(gustavo)
> > │ └─smbd(asdrubal)
> >
> > From pstree I allways see an smbd process for each user mount.
>
> Yeah. I'm sure. :-) We change to the effective id of the
> user to perform certain operations. And then changes back
> to root when done (with some optimizations to minimize the
> number of security context switches).
Understood. Thanks for the explanation.
>
> > What I want to know is if the vulnerable call is run as the local user or
> > root.
>
> Potentially either. Treat this as a potential remote root
> code execution although I've only seen PoC code for clients.
?? Does this vulnerability also affect the samba clients if connecting to an
infected server?
Best regards
Gustavo
--
Angulo Sólido - Tecnologias de Informação
http://angulosolido.pt
More information about the samba
mailing list