|
Bugtraq
mailing list archives
Re: Samba 2.0.7 SWAT vulnerabilities
From: Gerald Carter <gcarter () VALINUX COM>
Date: Thu, 2 Nov 2000 07:01:53 -0600
On Mon, 30 Oct 2000, Optyx - Uberhax0r Communications wrote:
The program swat included in the samba
distribution allows username and password bruteforcing.
An attacker can easily generate userlists and then
bruteforce their passwords. Comments in the source
code show that somebody tried to prevent this
from happening[1].
Just an FYI....
These reported problems have been corrected in the
latest version of our HEAD branch code and will be in the
next release of Samba (2.2.0 - currently in alpha release
stages).
Many thanks to Samba developer, Jeremy Allison, for
addressing this.
Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter () valinux com
http://www.samba.org/ SAMBA Team jerry () samba org
http://www.plainjoe.org/ jerry () plainjoe org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
 By Date 
By Thread
Current thread:
|
Intro
