[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Samba 3.x swat preauthentication buffer overflow

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: [Full-Disclosure] Samba 3.x swat preauthentication buffer overflow
From: "Evgeny Demidov" <demidov@xxxxxxxx>
Date: Thu, 22 Jul 2004 19:05:55 +0400

Name: Samba 3.x swat preauthentication buffer overflow Date: 22 Jule 2004 CVE candidate: CAN-2004-0600 Author: Evgeny Demidov

Description:

There exists a remote preauthentication buffer overflow in Samba 3.x swat administration service. All version of Samba 3.0.2-3.0.4 are vulnerable to our knowledge.

Fix:

Samba 3.0.5 which fixes this problem is available: http://www.samba.org/samba/whatsnew/samba-3.0.5.html

History:

28 April 2004 - vulnerability has been discovered during Samba source code audit by Evgeny Demidov 29 April 2004 - vulnerability details has been made available to VulnDisco clients 14 Jule 2004 - vulnerability has been reported to Samba Team 22 Jule 2004 - public release of the advisory

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] OFF TOPIC: antisemitic troll
Next by Date: Re: [OT] Middle East (was Re: [Full-Disclosure] IE)
Previous by thread: [Full-Disclosure] [OT] assembly
Next by thread: [Full-Disclosure] "Fud, lies and libel" against (type any name here, I'll use mi2g)
Index(es):
- Date
- Thread