[Samba] [Samba 3.0.37] EnumPrinters memory consumption
Gabriele Avosani
g.avosani at gmail.com
Mon May 18 12:32:19 MDT 2015
Hello, I discovered a bug in EnumPrinters.
It seems that it allocates many megabytes of memory, corrupting memory and
taking control of a memcpy in parse_prs.c:398.
It leads to memory corruption, fatal (and fast) exhaustion of resources
and, probably, remote code execution.
I attach a file that can be used as a proof of concept.
Gabriele Avosani
(looking for remote work as a programmer; if in need, email me at
g.avosani at gmail.com (PHP, Perl, C/C++, Java and more))