Bugtraq mailing list archives
Re: Samba 2.0.7 SWAT vulnerabilities
From: Gerald Carter <gcarter () VALINUX COM>
Date: Thu, 2 Nov 2000 07:01:53 -0600
On Mon, 30 Oct 2000, Optyx - Uberhax0r Communications wrote:The program swat included in the samba distribution allows username and password bruteforcing. An attacker can easily generate userlists and then bruteforce their passwords. Comments in the source code show that somebody tried to prevent this from happening[1].
Just an FYI.... These reported problems have been corrected in the latest version of our HEAD branch code and will be in the next release of Samba (2.2.0 - currently in alpha release stages). Many thanks to Samba developer, Jeremy Allison, for addressing this. Cheers, jerry ---------------------------------------------------------------------- /\ Gerald (Jerry) Carter Professional Services \/ http://www.valinux.com/ VA Linux Systems gcarter () valinux com http://www.samba.org/ SAMBA Team jerry () samba org http://www.plainjoe.org/ jerry () plainjoe org "...a hundred billion castaways looking for a home." - Sting "Message in a Bottle" ( 1979 )
Current thread:
- Re: Samba 2.0.7 SWAT vulnerabilities Richard Trott (Nov 03)
- Re: Samba 2.0.7 SWAT vulnerabilities Gerald Carter (Nov 03)
- Re: Samba 2.0.7 SWAT vulnerabilities Ryan Gray (Nov 03)
- <Possible follow-ups>
- Re: Samba 2.0.7 SWAT vulnerabilities Patrik Sternudd (Nov 05)