[Samba] Samba 2.2.5 Security Bug?
Gerald Carter
jerry at samba.org
Tue Oct 8 13:13:01 GMT 2002
On Mon, 7 Oct 2002 imed at gmx.ch wrote:
> Does anyone know why normal users can set a blank samba password with the
> smbpasswd kommand by inserting <CR> twice after inserting the old passwd:
>
> ben at amo:% /opt/samba/bin/smbpasswd
> Old SMB password:<oldpasswd>
> New SMB password:<CR>
> Retype new SMB password:<CR>
> Password changed for user ben
>
> After that the user can map the samba shares with a blank password even if:
>
> null passwords = No
>
> and
>
> guest ok = No
>
> in the smb.conf
Of the top of my head i would say that "\n" is not being recognized as
"NO PASSWORDXXXXX". Check the smbpasswd file.
cheers, jerry
---------------------------------------------------------------------
Hewlett-Packard http://www.hp.com
SAMBA Team http://www.samba.org
-- http://www.plainjoe.org
"SAMS Teach Yourself Samba in 24 Hours" 2ed. ISBN 0-672-32269-2
--"I never saved anything for the swim back." Ethan Hawk in Gattaca--
More information about the samba
mailing list