Samba SWAT 3.0.2 - 3.0.4 HTTP Basic Auth base64 Buffer Overflow

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote Samba server is affected by a buffer overflow
vulnerability.

Description :

According to its banner, the version of Samba running on the remote
host is between 3.0.2 and 3.0.4, inclusive. An error exists in the
base64 decoding functions, which can result in a buffer overflow.

See also :

http://www.samba.org/samba/history/samba-3.0.5.html
http://www.samba.org/samba/security/CVE-2004-0600.html

Solution :

Upgrade to version 3.0.5 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.8
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Misc.

Nessus Plugin ID: 17720 ()

Bugtraq ID: 10780

CVE ID: CVE-2004-0600