Some notes on CVE-2013-0214 and swat '-P' mode...
Marco Gaiarin
gaio at sv.lnf.it
Fri Aug 1 08:57:15 MDT 2014
[I'm not subscribed to '-technical', so please, sorry me...]
I'm using for long time swat (wrapped around stunnel) with '-P' option
to provide users a simple web interface to change password.
Moving from debian squeeze to wheezy, i've hitted:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700729
https://bugzilla.samba.org/show_bug.cgi?id=9668
I've tried to remove CVE-2013-0214 patch and rebuilt swat, and works, so
indeed that patch is the ''guilty'' ;).
Considering that i don't need to use a web interface to change the
'root' password ;), there's some way to ''relax'' them, at least in
'-P' mode, at least for users different from 'root'?
Thanks.
PS: ok, i know that swat is deprecated, but i hope my question will
have a simple answer...
--
dott. Marco Gaiarin GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia'' http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)lanostrafamiglia.it t +39-0434-842711 f +39-0434-842797
Dona il 5 PER MILLE a LA NOSTRA FAMIGLIA!
http://www.lanostrafamiglia.it/chi_siamo/5xmille.php
(cf 00307430132, categoria ONLUS oppure RICERCA SANITARIA)
More information about the samba-technical
mailing list