Disabling LM authentication

David Collier-Brown David.Collier-Brown at canada.sun.com
Mon Nov 27 19:43:07 GMT 2000

Gerald Carter wrote:
> hmmm....downgrade attacks are server based. I'm not sure
> what this gains you.  If a client wants to send you
> a list of older protocols, then that's the client's decision.

	Sure, but if the client's trying an attack via
	brute-forcing the old low-variability LM hashes,
	(as mentioned in Hobbit's CIFS insecurities paper)
	we don't want to help them out!

	See Mudge's email and L0phtcrack paper at
	for a quick overview of the problem: the longer
	paper at http://www.neohapsis.com/resources/docs/hobbit-cifs.txt
	explains how to use the weakness over the wire.

> > Not to speak about our passing through rarely-tested
> > code (;-))
> I could see this as an aguement, but not a security risk
> really.  Am I missing something?

	It's a general risk, not a security one: I do notice the
	overflow attack is specific to protocols less than NT1,
	though, which is an example of a security issue.

  [In ./smbd/reply.c" line 693]
  if (Protocol < PROTOCOL_NT1) {
    smb_apasslen = SVAL(inbuf,smb_vwv7);
    if (smb_apasslen > MAX_PASS_LEN)

--dave (who used to be a professional paranoid for a supplier
	to External Affairs, and never really got over it) c-b
David Collier-Brown,  | Always do right. This will gratify some people
185 Ellerslie Ave.,   | and astonish the rest.        -- Mark Twain
Willowdale, Ontario   | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com

More information about the samba-technical mailing list