nlog-smb NetBIOS Name Metacharacter Vulnerability

nlog-smb NetBIOS Name Metacharacter Vulnerability

nlog is a suite of log management Perl scripts designed for the nmap port scanning utility. In addition to log management functions, it contains a number of "extensions" including nlog-smb.pl - a script that attempts to retrieve certain server information via SMB. Versions of this script included in packages prior to version 1.1b are vulnerable to a metacharacter filtering problem; an attacker can set the NETBIOS name on an accessible machine to a command encapsulated with semi-colons, eg. ;COMMAND;. The script nlog-smb.pl can then be used (on the remote, target machine) to scan the local machine with the malicious NETBIOS name. The command embedded in the NETBIOS name is then executed on the target host. This attack is limited against certain operating systems as the command executed is restricted to upper case characters. This problem was fixed in version 1.1b.