CVE-2000-0936

Name of the Vulnerable Software and Affected Versions Samba version 2.0.7

Description The Samba Web Administration Tool (SWAT) installs the cgi.log logging file with world-readable permissions. This allows local users to read sensitive information, including user names and passwords.

Recommendations For Samba version 2.0.7, consider changing the permissions of the cgi.log file to restrict access and prevent unauthorized reading of sensitive information. As a temporary workaround, restrict access to the cgi.log file until a more permanent solution is available.