[Samba] Possible security hole in 2.2.0a?

Jim Carter jimc at math.ucla.edu
Tue Dec 31 20:57:00 GMT 2002

On Sat, 28 Dec 2002, andy thomas wrote:
> Unauthorised connection attempts to a server running samba 2.2.0a are a
> daily occurrence but incorrect usernames/share names prevent accesses to
> shares and this is not normally anything to worry about. But looking
> through the smbd logs on this server I found one instance where someone
> apparently knew the 6 usernames listed in the smbpasswd file and tried to
> use those in turn to gain access. (This was unsuccessful as passwords
> are used to protect access to shares).

At work we had a similar attack on the Win2K PDC.  Apparently on Windows
it's a standard feature to enumerate the known users.  Then the attacker
tries a short list of weak passwords on each one.  We had it set up so
repeated authentication failures would lock the account.  The helpdesk
person really had her hands full that day!

Probably all that's necessary is to browse the [homes] directory.

James F. Carter          Voice 310 825 2897    FAX 310 206 6673
UCLA-Mathnet;  6115 MSA; 405 Hilgard Ave.; Los Angeles, CA, USA 90095-1555
Email: jimc at math.ucla.edu  http://www.math.ucla.edu/~jimc (q.v. for PGP key)

More information about the samba mailing list