| VID | 23078 |
| Severity | 20 |
| Port | 901 |
| Protocol | TCP |
| Class | SWAT |
| Detailed Description | SWAT (Samba Web Administration Tool) has been detected running on the target host. Samba is a suite of programs that implements the SMB protocol on Unix systems so that files and printers can be served to Windows, NT, OS/2 and DOS clients; the protocol is also known historically as LanManager and is commonly carried over NetBIOS. Samba ships with SWAT, a web-based tool for remote administration of the Samba server, which by default is started from inetd as root on TCP port 901. SWAT lets Samba users change their passwords and gives the administrator an easy-to-use GUI for editing the Samba configuration (changing the configuration requires logging in as root). Exposing SWAT to untrusted networks is not recommended: it authenticates with HTTP Basic authentication, so a remote attacker can use it to brute-force account passwords, including root's, and the traffic between SWAT and web clients is plain HTTP with no encryption, so an eavesdropper on the path recovers passwords in clear text (Basic credentials are only base64-encoded). |
| Platforms Affected | Samba (any version) on Linux and UNIX (any version) |
| Recommendation | Block access to the SWAT service (TCP port 901 by default) from untrusted networks. If SWAT is not needed, disable it by commenting out the swat line in /etc/inetd.conf (on systems that use xinetd instead, set "disable = yes" in /etc/xinetd.d/swat) and then have the superserver reread its configuration, for example by sending it SIGHUP. |
| Related URL | CVE-2000-0935 (CVE) |
| Related URL | 1872 (SecurityFocus) |
| Related URL | 5443 (ISS) |
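The following script is an added example and is not part of the original advisory or of Samba itself. It carries out the "disable SWAT in inetd" half of the recommendation above against a constructed /etc/inetd.conf, verifies that the active swat entry is gone, and decodes a constructed HTTP Basic Authorization header to show what an eavesdropper on a SWAT session actually needs to do. The file paths, the sample inetd.conf contents, the sample credentials and the firewall rule in the comment are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original advisory): audit and disable the SWAT
# entry in a classic /etc/inetd.conf, then show why an unencrypted SWAT
# session leaks credentials. All paths and sample data are constructed.

# Return 0 if FILE contains an active (uncommented) inetd line for swat.
# A classic inetd.conf entry looks like:
#   swat  stream  tcp  nowait.400  root  /usr/sbin/swat  swat
swat_inetd_enabled() {
    grep -Eq '^[[:space:]]*swat[[:space:]]' "$1"
}

# Comment out every active swat line in FILE, in place.
# sed -i differs between GNU and BSD sed, so write a temp copy and move it.
disable_swat_inetd() {
    tmp="$1.tmp.$$"
    sed -E 's/^([[:space:]]*swat[[:space:]])/#\1/' "$1" > "$tmp" && mv "$tmp" "$1"
}

# Decode the credentials from a captured HTTP Basic Authorization header.
# SWAT authenticates with HTTP Basic over plain HTTP, so an on-path
# eavesdropper only has to base64-decode the header to get user:password.
basic_auth_creds() {
    printf '%s\n' "$1" \
        | sed -nE 's/^Authorization:[[:space:]]*Basic[[:space:]]+([A-Za-z0-9+/=]+).*$/\1/p' \
        | base64 -d
}

# Build a constructed inetd.conf in a temp dir and run the check/disable flow.
# After editing the real /etc/inetd.conf you would send inetd SIGHUP
# (e.g. kill -HUP on its pid) so it rereads the file; that is not done here.
demo() {
    dir=$(mktemp -d)
    conf="$dir/inetd.conf"
    cat > "$conf" <<'EOF'
# constructed sample /etc/inetd.conf
ftp     stream  tcp  nowait      root  /usr/sbin/tcpd  in.ftpd
swat    stream  tcp  nowait.400  root  /usr/sbin/swat  swat
EOF
    if swat_inetd_enabled "$conf"; then
        echo "SWAT is enabled via inetd; commenting it out"
        disable_swat_inetd "$conf"
    fi
    if swat_inetd_enabled "$conf"; then
        echo "SWAT is still enabled"
    else
        echo "SWAT disabled in $conf"
    fi

    # The network-side half of the recommendation is host specific; one
    # illustrative (assumed) rule for a Linux host with iptables would be:
    #   iptables -A INPUT -p tcp --dport 901 ! -s 192.0.2.0/24 -j DROP
    # where 192.0.2.0/24 stands in for the trusted admin network.

    # Constructed captured header: base64 of "root:secret".
    printf 'eavesdropped SWAT login: '
    basic_auth_creds 'Authorization: Basic cm9vdDpzZWNyZXQ='
    echo
    rm -rf "$dir"
}

demo
```

The grep and sed patterns only match a line whose first field is literally `swat`, so an already-commented entry or an unrelated service is left untouched; the backup-free in-place rewrite is deliberate for brevity, and on a real host you would copy /etc/inetd.conf aside first.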