lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <web-53121174@cgp.agava.net> From: demidov at gleg.net (Evgeny Demidov) Subject: Samba 3.x swat preauthentication buffer overflow Name: Samba 3.x swat preauthentication buffer overflow Date: 22 Jule 2004 CVE candidate: CAN-2004-0600 Author: Evgeny Demidov Description: There exists a remote preauthentication buffer overflow in Samba 3.x swat administration service. All version of Samba 3.0.2-3.0.4 are vulnerable to our knowledge. Fix: Samba 3.0.5 which fixes this problem is available: http://www.samba.org/samba/whatsnew/samba-3.0.5.html History: 28 April 2004 - vulnerability has been discovered during Samba source code audit by Evgeny Demidov 29 April 2004 - vulnerability details has been made available to VulnDisco clients 14 Jule 2004 - vulnerability has been reported to Samba Team 22 Jule 2004 - public release of the advisory