Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Samba 3.x swat preauthentication buffer overflow
From: "Evgeny Demidov" <demidov () gleg net>
Date: Thu, 22 Jul 2004 19:05:55 +0400

Name: Samba 3.x swat preauthentication buffer overflow
Date:          22 Jule 2004
CVE candidate: CAN-2004-0600
Author:        Evgeny Demidov


There exists a remote preauthentication buffer overflow in Samba 3.x swat administration service. All version of Samba 3.0.2-3.0.4 are vulnerable to our knowledge.


Samba 3.0.5 which fixes this problem is available: http://www.samba.org/samba/whatsnew/samba-3.0.5.html


28 April 2004 - vulnerability has been discovered during Samba source code audit by Evgeny Demidov 29 April 2004 - vulnerability details has been made available to VulnDisco clients 14 Jule 2004 - vulnerability has been reported to Samba Team
22 Jule  2004 - public release of the advisory

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • Samba 3.x swat preauthentication buffer overflow Evgeny Demidov (Jul 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]