samba -- multiple vulnerabilities

2014-03-11T00:00:00
ID 03E48BF5-A96D-11E3-A556-3C970E169BC2
Type freebsd
Reporter FreeBSD
Modified 2014-03-11T00:00:00

Description

Samba project reports:

In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication.

smbcacls can remove a file or directory ACL by mistake.