module

Samba lsa_io_trans_names Heap Overflow

Try Surface Command
Back to search
Disclosed
May 14, 2007
Created
May 30, 2018

Description

This module triggers a heap overflow in the LSA RPC service
of the Samba daemon. This module uses the szone_free() to overwrite
the size() or free() pointer in initial_malloc_zones structure.

Authors

Ramon de C Valle [email protected]
Adriano Lima [email protected]
hdm [email protected]

Platform

OSX

Architectures

x86, ppc

References

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


    msf > use exploit/osx/samba/lsa_transnames_heap
    msf exploit(lsa_transnames_heap) > show targets
        ...targets...
    msf exploit(lsa_transnames_heap) > set TARGET < target-id >
    msf exploit(lsa_transnames_heap) > show options
        ...show and set options...
    msf exploit(lsa_transnames_heap) > exploit
Title
Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report