Re: [Samba] CVE-2008-4250?

Thanks for the info.

Best regards :D

The implementation of the test in Nessus is incorrect.

Here are the two (yes, for silly reasons) implementations in Samba:

WERROR _srvsvc_NetPathCompare(struct pipes_struct *p,
			      struct srvsvc_NetPathCompare *r)
	p->fault_state = DCERPC_FAULT_OP_RNG_ERROR;

static WERROR dcesrv_srvsvc_NetPathCompare(struct dcesrv_call_state *dce_call,
		       TALLOC_CTX *mem_ctx,
		       struct srvsvc_NetPathCompare *r)

As you can see from

Any fault code is assumed to mean a vulnerable server, the RNG_ERROR
(yet another way to say not implemented) included.

Hopefully this is enough to assist you, if you need to assuage an
auditor then I suggest submitting a patch implementing it.

This won't be hard, the clue is in the implementation note:

Section The server does a standard C string comparison on the
canonicalized path names and returns the result.

Section No security restrictions are imposed by Windows-based
server implementations on the caller.

I hope this helps,

Andrew Bartlett

* Téc. Leslie León Sinclair
* Administrador de Redes - AzumatHB
* Another happy Slackware & Debian GNU/Linux user
* Blog: https://admlinux.cubava.cu
* Proud GNU/Linux User #445535
* ☎ +49-170-7683042
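
The point about fault codes, as an added example (not part of the original messages, and not Samba's or Nessus's code): a check that reads the status out of a DCE/RPC fault PDU and reports DCERPC_FAULT_OP_RNG_ERROR as "operation not implemented" instead of counting every fault as a finding. The numeric value 0x1c010002, the enum and function names, and the constructed sample PDU are assumptions supplied here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define DCERPC_PKT_FAULT          3           /* ptype of a fault PDU */
#define DCERPC_FAULT_OP_RNG_ERROR 0x1c010002u /* nca_s_op_rng_error: opnum not implemented */

enum probe_result {
	PROBE_NOT_A_FAULT,     /* short, non-RPC or non-fault PDU: look at the reply itself */
	PROBE_OP_UNSUPPORTED,  /* server does not implement the call: proves nothing */
	PROBE_OTHER_FAULT      /* some other fault: needs a closer look, not an automatic finding */
};

/* Read a 32-bit field honouring the integer byte order flagged in packed_drep. */
static uint32_t rd32(const uint8_t *p, int little_endian)
{
	if (little_endian)
		return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
	return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Classify one connection-oriented DCE/RPC reply PDU (16-byte common header,
 * then for a fault: alloc_hint, p_cont_id, cancel_count, reserved, status). */
enum probe_result classify_reply(const uint8_t *pdu, size_t len, uint32_t *status)
{
	if (len < 28 || pdu[0] != 5 || pdu[2] != DCERPC_PKT_FAULT)
		return PROBE_NOT_A_FAULT;
	*status = rd32(pdu + 24, (pdu[4] & 0xf0) == 0x10);
	return *status == DCERPC_FAULT_OP_RNG_ERROR ? PROBE_OP_UNSUPPORTED
						    : PROBE_OTHER_FAULT;
}

/* Constructed sample: the fault a server answers when NetPathCompare is unimplemented. */
const uint8_t sample_fault[32] = {
	0x05, 0x00, 0x03, 0x03, 0x10, 0x00, 0x00, 0x00, /* v5.0, fault, first|last, LE drep */
	0x20, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, /* frag_length 32, auth 0, call_id 1 */
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* alloc_hint, p_cont_id, cancel, rsvd */
	0x02, 0x00, 0x01, 0x1c, 0x00, 0x00, 0x00, 0x00  /* status 0x1c010002, padding */
};

int main(void)
{
	uint32_t status = 0;
	enum probe_result r = classify_reply(sample_fault, sizeof sample_fault, &status);
	printf("status 0x%08x -> %s\n", (unsigned)status,
	       r == PROBE_OP_UNSUPPORTED ? "operation not implemented (inconclusive)"
					 : "other");
	return 0;
}
```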
