Samba >= 3.4.0 Credentials Management Errors Vulnerability (CVE-2013-4496)

In Samba's SAMR server we neglect to ensure that attempted password changes will update the bad password count, nor set the lockout flags. This would allow a user unlimited attempts against the password by simply calling ChangePasswordUser2 repeatedly. This is available without any other authentication.

Samba versions 3.4.0 and above allow the administrator to implement locking out Samba accounts after a number of bad password attempts. However, all released versions of Samba did not implement this check for password changes, such as are available over multiple SAMR and RAP interfaces, allowing password guessing attacks. As this was found during an internal audit of the Samba code there are no currently known exploits for this problem (as of March 11th 2014).

Samba versions 3.4.0 through 3.6.22, 4.0.0 through 4.0.15 and 4.1.0 through 4.1.5.

Checks if a vulnerable version is present on the target host.

Update to version 3.6.23, 4.0.16, 4.1.6 or later.