written by ling
1. Preface
The Samba vulnerability CVE-2015-0240 was disclosed a few days ago (https://securityblog.redhat.com/2015/02/23/samba-vulnerability-cve-2015-0240/). Today I saw that someone abroad had published a PoC (https://gist.github.com/worawit/33cc5534cb555a0b710b), so I debugged and analysed the vulnerability.
2. Root cause
The root cause is a local variable that is never initialised: the `creds` pointer in `_netr_ServerPasswordSet` below is declared without an initial value, so on an error path that reaches it before it has been assigned it still holds whatever the stack slot contained.
NTSTATUS _netr_ServerPasswordSet(pipes_struct *p,
                                 struct netr_ServerPasswordSet *r)
{
    NTSTATUS status = NT_STATUS_OK;
    struct samu *sampass = NULL;
    int i;
    struct netlogon_creds_CredentialState *creds;   /* not initialised: the root cause */
    DEBUG(5, ("_netr_ServerPasswordSet: %d\n", __LINE__));
    become_root();
    /* creds is only assigned by the step check when the credential check succeeds */
    status = netr_creds_server_step_check(p, p->mem_ctx,
                                          r->in.computer_name,
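As an added illustration (not Samba's code and not from the original post), the following C model reproduces the shape of the bug: a stand-in `step_check()` that writes its output pointer only on success, a caller that leaves `creds` uninitialised (the vulnerable shape), and a caller that initialises it to NULL (the fixed shape, matching the upstream fix of adding `= NULL` to the declaration). All type and function names here are constructed stand-ins for the Samba ones.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed stand-ins for the Samba types in the listing above. */
typedef int NTSTATUS;
#define NT_STATUS_OK            0
#define NT_STATUS_ACCESS_DENIED 1

struct creds_state {
    char computer_name[64];
};

/* Number of credential objects currently allocated, so a test can confirm
 * that every path frees exactly what it allocated and nothing else. */
static int live_creds = 0;

static struct creds_state *creds_alloc(const char *computer_name)
{
    struct creds_state *c = calloc(1, sizeof *c);
    if (c == NULL)
        return NULL;
    strncpy(c->computer_name, computer_name, sizeof c->computer_name - 1);
    live_creds++;
    return c;
}

static void creds_free(struct creds_state *c)
{
    if (c != NULL)
        live_creds--;
    free(c);                       /* free(NULL) is a defined no-op */
}

/* Models netr_creds_server_step_check(): the output pointer is written only
 * when the check succeeds; on failure it is left exactly as the caller had it. */
static NTSTATUS step_check(const char *computer_name, int auth_ok,
                           struct creds_state **creds_out)
{
    if (!auth_ok)
        return NT_STATUS_ACCESS_DENIED;
    *creds_out = creds_alloc(computer_name);
    return (*creds_out != NULL) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}

/* Vulnerable shape, same structure as the Samba listing: `creds` is declared
 * but never initialised. When step_check() fails it does not assign `creds`,
 * so the error path frees whatever the stack slot happened to contain.
 * Kept for comparison only; calling it with auth_ok == 0 is undefined
 * behaviour, so the tests never call it. */
NTSTATUS server_password_set_vulnerable(const char *computer_name, int auth_ok)
{
    struct creds_state *creds;                 /* BUG: uninitialised */
    NTSTATUS status = step_check(computer_name, auth_ok, &creds);
    if (status != NT_STATUS_OK) {
        creds_free(creds);                     /* frees a stale pointer */
        return status;
    }
    creds_free(creds);
    return NT_STATUS_OK;
}

/* Fixed shape: the pointer starts as NULL, so the error path frees NULL
 * (harmless) and the success path frees the object it actually received. */
NTSTATUS server_password_set_fixed(const char *computer_name, int auth_ok)
{
    struct creds_state *creds = NULL;          /* the fix: initialise */
    NTSTATUS status = step_check(computer_name, auth_ok, &creds);
    if (status != NT_STATUS_OK) {
        creds_free(creds);                     /* creds == NULL here */
        return status;
    }
    creds_free(creds);
    return NT_STATUS_OK;
}

int live_creds_count(void)
{
    return live_creds;
}
```

Compiling with `-Wall -Wextra` makes gcc and clang report that `creds` may be used uninitialised in the vulnerable variant, and clang's MemorySanitizer (`-fsanitize=memory`) reports the uninitialised read at run time; both are cheap checks to keep in a build that handles untrusted input the way this RPC handler does.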