Christopher R. Hertel
crh at ubiqx.mn.org
Tue Oct 28 03:18:37 GMT 2003
Jeremy Allison wrote:
> Hmmm. Whilst fixing bug #667 I think I've noticed that a W2K SP4
> redirectory will sometimes do call_trans2getdfsreferral() IPC$
> calls as the anonymous user for DFS paths returned from a logged
> in user. It doesn't seem to care that it shouldn't have the
> privillages to look up this path (and indeed in Samba it doesn't).
> I wonder if this is a security flaw in the W2K MSDFS server code
> that it must allow the W2K redirector to do this.
> I can emulate it of course by becoming root before doing the DFS
> lookup, I'm just not sure I should.
> Shirish, or anyone working on the DFS code, any ideas ?
I saw something like this today at work, looking at a capture for another
I'll find out what types of systems they were and let you know if it's
really the same as what you're seeing or not.
"Implementing CIFS - the Common Internet FileSystem" ISBN: 013047116X
Samba Team -- http://www.samba.org/ -)----- Christopher R. Hertel
jCIFS Team -- http://jcifs.samba.org/ -)----- ubiqx development, uninq.
ubiqx Team -- http://www.ubiqx.org/ -)----- crh at ubiqx.mn.org
OnLineBook -- http://ubiqx.org/cifs/ -)----- crh at ubiqx.org
More information about the samba-technical