VID 23079
Severity 30
Port 901
Protocol TCP
Class SWAT
Detailed Description The SWAT server replies with different error codes when it is issued an invalid user name.
The Samba software suite is a collection of programs that implements the SMB protocol for Unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager or NetBIOS protocol. Samba ships with a utility titled SWAT (Samba Web Administration Tool) which is used for remote administration of the Samba server and is by default set to run from inetd as root on port 901.
SWAT in Samba 2.0.7 returns a different error message when a valid username is provided versus an invalid name, which allows a remote attacker to identify valid users on the server. The attacker could use this flaw to generate a list of valid usernames on the system without being logged or locked out.

* References:
http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html

* Platforms Affected:
Samba 2.0.7
Samba Any version
Linux Any version
UNIX Any version
Recommendation Upgrade to the latest version of Samba (3.0.5 and 2.2.10 or later), available from the Samba Web site at http://samba.org/samba/samba.html

-- OR --

Block access to the SWAT service (by default TCP port 901) from untrusted networks. If it is not needed, disable SWAT by commenting out the relevant /etc/inetd.conf line.
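A small shell helper for the second recommendation, added here as an example and not part of the advisory: it reports whether an inetd.conf file still carries an active swat entry and comments that entry out. It assumes the classic one-line inetd format (the swat line used in the test data is the one Samba's documentation suggests); the function names and the .bak backup suffix are this example's own.

```shell
#!/bin/sh
# Added example (not from the advisory): audit and disable the SWAT entry in inetd.conf.
# Assumes the classic single-line inetd format, e.g.
#   swat stream tcp nowait.400 root /usr/sbin/swat swat
# Function names and the ".bak" backup suffix are this example's own conventions.

# Print "enabled" if the file has an active (uncommented) swat service line, else "disabled".
swat_inetd_status() {
    conf="$1"
    if grep -Eq '^[[:space:]]*swat[[:space:]]' "$conf"; then
        echo enabled
    else
        echo disabled
    fi
}

# Comment out every active swat line, writing a backup first. Safe to run repeatedly:
# lines that are already commented do not match the pattern and are left alone.
disable_swat_inetd() {
    conf="$1"
    cp "$conf" "$conf.bak" || return 1
    sed 's/^\([[:space:]]*swat[[:space:]]\)/#\1/' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
}

# Typical use on a host; inetd must then be told to reread its configuration
# (for example by sending the inetd process SIGHUP):
#   swat_inetd_status /etc/inetd.conf
#   disable_swat_inetd /etc/inetd.conf
```

Upgrading Samba as the first recommendation says removes the flaw itself; this helper only closes off the exposure of the SWAT listener on hosts that do not need it.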
Related URL CVE-2000-0937,CVE-2000-0938 (CVE)
Related URL 1873 (SecurityFocus)
Related URL 5442 (ISS)