GEN:SID 1:2597
Message WEB-MISC Samba SWAT Authorization overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer
overrun condition in the Samba Web Administration Tool (SWAT).
Impact Remote execution of arbitrary code.
Detailed Information A vulnerability exists in SWAT that may present an attacker with the
opportunity to execute code of their choosing on an affected host.

The problem lies in the functions that handle base64 decoding
during HTTP basic authentication. Exploitation of this vulnerability
may present the attacker with the opportunity to gain control of the
affected system.
Affected Systems Versions of Samba greater than or equal to 3.0.2 and
     less than 3.0.5
Attack Scenarios An attcker needs to make a specially crafted request to the SWAT
service that could contain harmful code to gain further access to the
system.
Ease of Attack Simple
Corrective Action Apply the appropriate vendor supplied patches
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0600

Bugtraq:
http://www.securityfocus.com/bid/10780
Rule References bugtraq: 10780