[Samba] Possible SMBd Remote File Creation Vulnerability again?

Ignacio Bustamante ignaciob at 123plaza.com
Mon Apr 5 06:15:11 GMT 2004


Hi,

Five days ago (2004/03/31) someone was able to obtain a list of *all* the 
unix user names of my machine (a Red Hat 9 w/ latest patches) and then 
started trying to log in as a samba user (about 400 tries per user name). Upon 
noticing this strange behavior I immediately proceeded to block all ports 
related to samba, and to cut the story short, fortunately, or should I say 
hopefully, the individual trying to get entry was not able to log into my 
machine according to other logs.

Later on, while searching the Internet for information on this problem, I 
came upon the "SMBd Remote File Creation Vulnerability" published in the 
year 2001, and referring to samba versions 2.0.7 and 2.0.8. Well, this is 
year 2004, and I am using version "2.2.7a-security-rollup-fix.". Could this 
mean that this vulnerability either was never fixed or that it is present 
again? Any info will be appreciated.

BTW, just in case, I applied the temporary fix suggested in the 2001 
information, by changing the log name from "%m.log" to "log.%m".

Thanks in advance

--Ignacio


