Test ID: | 1.3.6.1.4.1.25623.1.0.150717 |
Category: | Buffer overflow |
Title: | Samba 3.0.2 <= 3.0.4 Buffer Overflow Vulnerability (CVE-2004-0600) |
Summary: | Potential Buffer Overrun in SWAT, Samba 3.0.2 - 3.0.4. |
Description: |
Summary: Potential Buffer Overrun in SWAT, Samba 3.0.2 - 3.0.4.

Vulnerability Insight: The internal routine used by the Samba Web Administration Tool (SWAT v3.0.2 and later) to decode the base64 data during HTTP basic authentication is subject to a buffer overrun caused by an invalid base64 character. It is recommended that all Samba v3.0.2 or later installations running SWAT either (a) upgrade to v3.0.5, or (b) disable the swat administration service as a temporary workaround.

This same code is used internally to decode the sambaMungedDial attribute value when using the ldapsam passdb backend. While we do not believe that the base64 decoding routines used by the ldapsam passdb backend can be exploited, sites using an LDAP directory service with Samba are strongly encouraged to verify that the DIT only allows write access to sambaSamAccount attributes by a sufficiently authorized user.

Affected Software/OS: Samba versions 3.0.2 through 3.0.4.

Solution: Update to version 3.0.5 or later.

CVSS Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-0600
Bugtraq: 20040722 SWAT PreAuthorization PoC http://marc.info/?l=bugtraq&m=109053195818351&w=2
Bugtraq: 20040722 Samba 3.x swat preauthentication buffer overflow http://marc.info/?l=bugtraq&m=109052647928375&w=2
Bugtraq: 20040722 Security Release - Samba 3.0.5 and 2.2.10 http://marc.info/?l=bugtraq&m=109051340810458&w=2
Bugtraq: 20040722 TSSA-2004-014 - samba http://marc.info/?l=bugtraq&m=109052891507263&w=2
Bugtraq: 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba) http://marc.info/?l=bugtraq&m=109051533021376&w=2
Conectiva Linux advisory: CLA-2004:851 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851
Conectiva Linux advisory: CLA-2004:854 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854
http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11445
http://www.redhat.com/support/errata/RHSA-2004-259.html
SuSE Security Announcement: SUSE-SA:2004:022 http://www.novell.com/linux/security/advisories/2004_22_samba.html
http://www.trustix.org/errata/2004/0039/
XForce ISS Database: samba-swat-base64-bo(16785) https://exchange.xforce.ibmcloud.com/vulnerabilities/16785 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |