|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon Jul 21 2008 - 16:47:04 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Filesys::SmbClientParser Shell Command Injection Vulnerability
SECUNIA ADVISORY ID:
SA31175
VERIFY ADVISORY:
http://secunia.com/advisories/31175/
CRITICAL:
Less critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Filesys::SmbClientParser 2.x
http://secunia.com/product/19344/
DESCRIPTION:
Jesus Olmos Gonzalez has discovered a vulnerability in
Filesys::SmbClientParser, which can be exploited by malicious people
to compromise an application using the module.
The vulnerability is caused due to the module improperly escaping
characters contained within e.g. the names of shared directories.
This can be exploited to execute arbitrary commands by tricking the
user into processing a specially crafted directory shared by a
malicious SMB server.
The vulnerability is confirmed in version 2.7. Other versions may
also be affected.
SOLUTION:
Do not connect to untrusted servers with applications using the
module.
PROVIDED AND/OR DISCOVERED BY:
Jesus Olmos Gonzalez, Internet Security Auditors
ORIGINAL ADVISORY:
http://packetstormsecurity.org/0807-exploits/smbclientparser-exec.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]