Info

Disclosure

Sep 02, 2004

Discovery

Unknown

Dates

Exploit

Sep 02, 2004

Solution

Unknown

Description

jCIFS contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when the 'guest' account is not disabled. It is possible that the flaw may allow a remote attacker to use any invalid username to be authenticated successfully resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 0.9.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Michael B. Allen	JCIFS	0.9.0
		0.9.7
		0.9.1
		0.9.2
		0.9.3
		0.9.4
		0.9.6

References

Security Tracker: 1010417
Bugtraq ID: 10494
ISS X-Force ID: 16355
Vendor URL: http://jcifs.samba.org/
Vendor Specific Advisory URL: http://jcifs.samba.org/src/README.txt

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/9740

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Michael B. Allen

JCIFS

References

Credit