Vigil@nce - Samba: brute force via SAMR
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use SAMR to exploit a brute force, in order to
guess the password of a Samba user.
Impacted products: Fedora, openSUSE, RHEL, Samba, Slackware
Severity: 2/4
Creation date: 12/03/2014
DESCRIPTION OF THE VULNERABILITY
The SAMR (Security Account Manager Remote) protocol is used to
manipulate the user database.
An unauthenticated user can call the ChangePasswordUser2 function
to change his password. He then has to enter his current password.
However, the account lockout is not managed. An attacker can thus
call the function an infinite number of times, until he find the
current victim’s password.
An attacker can therefore use SAMR to exploit a brute force, in
order to guess the password of a Samba user.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Samba-brute-force-via-SAMR-14408