| Field | Value |
| --- | --- |
| VID | 23080 |
| Severity | 40 |
| Port | 901 |
| Protocol | TCP |
| Class | SWAT |
| Detailed Description | The SWAT server appears to be vulnerable to a buffer overflow. Samba ships with a utility called SWAT (Samba Web Administration Tool), used for remote administration of the Samba server; by default it is configured to run from inetd as root on port 901. The internal routine that SWAT in Samba 3.0.2 to 3.0.4 uses to decode base64 data during HTTP basic authentication is subject to a buffer overrun triggered by an invalid base64 character. This vulnerability allows remote attackers to execute arbitrary code on the affected system. |
| References | http://marc.theaimsgroup.com/?l=bugtraq&m=109052647928375&w=2 ; http://marc.theaimsgroup.com/?l=bugtraq&m=109053195818351&w=2 ; http://marc.theaimsgroup.com/?l=bugtraq&m=109051340810458&w=2 |
| Platforms Affected | Samba 3.0.2 to 3.0.4; Linux (any version); UNIX (any version) |
| Recommendation | Upgrade to the latest version of Samba (3.0.5 or 2.2.10 or later), available from the Samba Web site at http://samba.org/samba/samba.html |
| Recommendation (Red Hat Linux) | Upgrade to the latest version of samba, as listed in Red Hat Security Advisory RHSA-2004:259-23 at http://www.redhat.com/support/errata/RHSA-2004-259.html |
| Recommendation (Conectiva Linux) | Upgrade to the latest samba package by referring to Conectiva Linux Security Announcement CLSA-2004:851 at http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 |
| Recommendation (other distributions) | Contact your vendor for patch or upgrade information. |
| Recommendation (alternative) | Block access to the SWAT service (by default TCP port 901) from untrusted networks. If it is not needed, disable SWAT by commenting out the relevant /etc/inetd.conf line. |
| Related URL | CVE-2004-0600 (CVE) |
| Related URL | 10780 (SecurityFocus) |
| Related URL | (ISS) |