Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by a buffer overflow
vulnerability.

Description :

According to its banner, the version of Samba running on the remote
host is between 3.0.2 and 3.0.4, inclusive. An error exists in the
base64 decoding functions, which can result in a buffer overflow.

See also :

http://www.samba.org/samba/history/samba-3.0.5.html
http://www.samba.org/samba/security/CVE-2004-0600.html

Solution :

Upgrade to version 3.0.5 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 17720

Bugtraq ID: 10780

CVE ID: CVE-2004-0600
