CVE-2000-0936

Samba 2.0.7 - Sensitive Information Exposure via SWAT cgi.log World-Readable Permissions

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0936. PoCs published by miah.

AI-analyzed exploit summary: This exploit script extracts and decodes base64-encoded usernames and passwords from the world-readable SWAT log file (/tmp/cgi.log). It leverages a permissions vulnerability in Samba SWAT to disclose credentials.

Description

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by miah · bash · local · linux
https://www.exploit-db.com/exploits/20341

Classification: Working PoC 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Samba SWAT (versions with vulnerable logging configuration)
No auth needed
Prerequisites: SWAT logging enabled · Local access to the system · /tmp/cgi.log must exist and be world-readable
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/5445
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/1874

Scores

EPSS 0.0112
EPSS Percentile 62.0%

Details

Status published
Products (1)
samba/samba 2.0.7
Published Dec 19, 2000
Tracked Since Feb 18, 2026