[17468] in bugtraq
Re: Samba 2.0.7 SWAT vulnerabilities
daemon@ATHENA.MIT.EDU (Gerald Carter)
Thu Nov 2 13:35:52 2000
Message-Id: <3A0165C1.CFB2A02D@valinux.com>
Date: Thu, 2 Nov 2000 07:01:53 -0600
Reply-To: Gerald Carter <gcarter@VALINUX.COM>
From: Gerald Carter <gcarter@VALINUX.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

> On Mon, 30 Oct 2000, Optyx - Uberhax0r Communications wrote:
>
> > The program swat included in the samba
> > distribution allows username and password bruteforcing.
> > An attacker can easily generate userlists and then
> > bruteforce their passwords. Comments in the source
> > code show that somebody tried to prevent this
> > from happening[1].

Just an FYI....

These reported problems have been corrected in the
latest version of our HEAD branch code and will be in the
next release of Samba (2.2.0 - currently in alpha release
stages).

Many thanks to Samba developer, Jeremy Allison, for
addressing this.

Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com
http://www.samba.org/ SAMBA Team jerry@samba.org
http://www.plainjoe.org/ jerry@plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )