Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2013-4496

Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obtain access via brute-force ChangePasswordUser2 (1) SAMR or (2) RAP attempts.

Related bugs and status

CVE-2013-4496 (Candidate) is related to these bugs:

Bug #1268180: net join doesn't work by default since switch to 4.x

Summary				In	Importance	Status
	1268180	net join doesn't work by default since switch to 4.x		samba (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.securityfoc...
MISC: http://lists.fedorapro...
MISC: http://lists.fedorapro...
MISC: http://security.gentoo...
MISC: http://www.mandriva.co...
MISC: http://rhn.redhat.com/...
MISC: http://www.ubuntu.com/...
MISC: http://advisories.mage...
MISC: http://www.samba.org/s...
MISC: http://www.samba.org/s...
MISC: http://www.samba.org/s...
MISC: http://www.samba.org/s...
MISC: https://bugzilla.samba...
MISC: https://h20566.www2.hp...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....