Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Samba 2.0.7 SWAT vulnerabilities
From: Gerald Carter <gcarter () VALINUX COM>
Date: Thu, 2 Nov 2000 07:01:53 -0600

On Mon, 30 Oct 2000, Optyx - Uberhax0r Communications wrote:

The program swat included in the samba
distribution allows username and password bruteforcing.
An attacker can easily generate userlists and then
bruteforce their passwords. Comments in the source
code show that somebody tried to prevent this
from happening[1].

Just an FYI....


These reported problems have been corrected in the
latest version of our HEAD branch code and will be in the
next release of Samba (2.2.0 - currently in alpha release
stages).

Many thanks to Samba developer, Jeremy Allison, for
addressing this.





Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter () valinux com
       http://www.samba.org/       SAMBA Team          jerry () samba org
       http://www.plainjoe.org/                     jerry () plainjoe org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]