Subject: Re: Samba 2.0.7 SWAT vulnerabilities
From: Gerald Carter (gcarterVALINUX.COM)
Date: Thu Nov 02 2000 - 07:01:53 CST


> On Mon, 30 Oct 2000, Optyx - Uberhax0r Communications wrote:
>
> > The program swat included in the samba
> > distribution allows username and password bruteforcing.
> > An attacker can easily generate userlists and then
> > bruteforce their passwords. Comments in the source
> > code show that somebody tried to prevent this
> > from happening[1].

Just an FYI....

These reported problems have been corrected in the
latest version of our HEAD branch code and will be in the
next release of Samba (2.2.0 - currently in alpha release
stages).

Many thanks to Samba developer, Jeremy Allison, for
addressing this.

Cheers, jerry
----------------------------------------------------------------------
   /\ Gerald (Jerry) Carter Professional Services
 \/ http://www.valinux.com/ VA Linux Systems gcartervalinux.com
       http://www.samba.org/ SAMBA Team jerrysamba.org
       http://www.plainjoe.org/ jerryplainjoe.org

       "...a hundred billion castaways looking for a home."
                                - Sting "Message in a Bottle" ( 1979 )