Gain root remotely : SWAT overflow

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.13660

Categoría: Gain root remotely

Título: SWAT overflow

Resumen: NOSUMMARY

Descripción: Description:

The remote host is running SWAT - a web-based administration tool for
Samba.

There is a buffer overflow condition in the remote version of this software
which might allow an attacker to execute arbitrary code on the remote host
by sending a malformed authorization request (or any malformed base64 data).

Solution : Upgrade to Samba 3.0.5
Risk factor : High

Referencia Cruzada: BugTraq ID: 10780
Common Vulnerability Exposure (CVE) ID: CVE-2004-0600
Bugtraq: 20040722 SWAT PreAuthorization PoC (Google Search)
http://marc.info/?l=bugtraq&m=109053195818351&w=2
Bugtraq: 20040722 Samba 3.x swat preauthentication buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=109052647928375&w=2
Bugtraq: 20040722 Security Release - Samba 3.0.5 and 2.2.10 (Google Search)
http://marc.info/?l=bugtraq&m=109051340810458&w=2
Bugtraq: 20040722 TSSA-2004-014 - samba (Google Search)
http://marc.info/?l=bugtraq&m=109052891507263&w=2
Bugtraq: 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba) (Google Search)
http://marc.info/?l=bugtraq&m=109051533021376&w=2
Conectiva Linux advisory: CLA-2004:851
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851
Conectiva Linux advisory: CLA-2004:854
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854
http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11445
http://www.redhat.com/support/errata/RHSA-2004-259.html
SuSE Security Announcement: SUSE-SA:2004:022 (Google Search)
http://www.novell.com/linux/security/advisories/2004_22_samba.html
http://www.trustix.org/errata/2004/0039/
XForce ISS Database: samba-swat-base64-bo(16785)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16785

Copyright This script is Copyright (C) 2004 Tenable Network Security

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.13660
Categoría:	Gain root remotely
Título:	SWAT overflow
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is running SWAT - a web-based administration tool for Samba. There is a buffer overflow condition in the remote version of this software which might allow an attacker to execute arbitrary code on the remote host by sending a malformed authorization request (or any malformed base64 data). Solution : Upgrade to Samba 3.0.5 Risk factor : High
Referencia Cruzada:	BugTraq ID: 10780 Common Vulnerability Exposure (CVE) ID: CVE-2004-0600 Bugtraq: 20040722 SWAT PreAuthorization PoC (Google Search) http://marc.info/?l=bugtraq&m=109053195818351&w=2 Bugtraq: 20040722 Samba 3.x swat preauthentication buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=109052647928375&w=2 Bugtraq: 20040722 Security Release - Samba 3.0.5 and 2.2.10 (Google Search) http://marc.info/?l=bugtraq&m=109051340810458&w=2 Bugtraq: 20040722 TSSA-2004-014 - samba (Google Search) http://marc.info/?l=bugtraq&m=109052891507263&w=2 Bugtraq: 20040722 [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba) (Google Search) http://marc.info/?l=bugtraq&m=109051533021376&w=2 Conectiva Linux advisory: CLA-2004:851 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 Conectiva Linux advisory: CLA-2004:854 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000854 http://www.gentoo.org/security/en/glsa/glsa-200407-21.xml http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:071 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11445 http://www.redhat.com/support/errata/RHSA-2004-259.html SuSE Security Announcement: SUSE-SA:2004:022 (Google Search) http://www.novell.com/linux/security/advisories/2004_22_samba.html http://www.trustix.org/errata/2004/0039/ XForce ISS Database: samba-swat-base64-bo(16785) https://exchange.xforce.ibmcloud.com/vulnerabilities/16785
Copyright	This script is Copyright (C) 2004 Tenable Network Security