Samba NDR RPC Request LsarLookupSids/LsarLookupSids2 Heap-Based Buffer Overflow Vulnerability

UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

An exploit is available for members of the Immunity Partner's program, but is not publicly available. The exploit works on Solaris 8, 9, and 10; it is available at the following URI:

https://www.immunityinc.com/downloads/immpartners/samba_lsa_heap.tgz

The following exploit module for the Metasploit Framework is also available:


 

Privacy Statement
Copyright 2010, SecurityFocus