jCIFS guest Account Invalid Username Authentication

2004-09-02T18:45:35
ID OSVDB:9740
Type osvdb
Reporter OSVDB
Modified 2004-09-02T18:45:35

Description

Vulnerability Description

jCIFS contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when the 'guest' account is not disabled. In that case, a remote attacker may be able to authenticate successfully using any invalid username, resulting in a loss of integrity.

Solution Description

Upgrade to version 0.9.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://jcifs.samba.org/
Vendor Specific Advisory URL
Security Tracker: 1010417
ISS X-Force ID: 16355
Bugtraq ID: 10494