Bugtraq mailing list archives

Re: Samba 2.0.7 SWAT vulnerabilities


From: Gerald Carter <gcarter () VALINUX COM>
Date: Thu, 2 Nov 2000 07:01:53 -0600

On Mon, 30 Oct 2000, Optyx - Uberhax0r Communications wrote:

The program swat included in the samba
distribution allows username and password bruteforcing.
An attacker can easily generate userlists and then
bruteforce their passwords. Comments in the source
code show that somebody tried to prevent this
from happening[1].

Just an FYI....


These reported problems have been corrected in the
latest version of our HEAD branch code and will be in the
next release of Samba (2.2.0 - currently in alpha release
stages).

Many thanks to Samba developer, Jeremy Allison, for
addressing this.





Cheers, jerry
----------------------------------------------------------------------
   /\  Gerald (Jerry) Carter                     Professional Services
 \/    http://www.valinux.com/  VA Linux Systems   gcarter () valinux com
       http://www.samba.org/       SAMBA Team          jerry () samba org
       http://www.plainjoe.org/                     jerry () plainjoe org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )

