From: Andreas Bogk (andreasandreas.org)
Date: Fri Apr 10 2009 - 07:21:05 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Marcus Meissner schrieb:
>> fixing a remotely exploitable buffer overflow vulnerability in the
>> CIFS protocol.
> assuming a malicious server.

Right. And assuming you can get the user to click on a link like

smb://naked-teenage-girls-with-horses.evilhaxxx0r.com/

Unfortunately, this is a realistic attack scenario.

> Even we as Linux distributors should probably set some people up to
> study the .stable releases for such things.

I think you absolutely have to, if you want to provide professional
services to customers. As if you hadn't enough work to do already...

Andreas

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]