[Samba] IPC$ share accessible with arbitrary usernames/passwords

kirk johnson tuna at indra.com
Tue Nov 19 05:05:01 GMT 2002


MM = M Maki (1 Oct 2002)
AB = Andrew Bartlett (2 Oct 2002)

 MM > I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with
    > Nessus and they reported a security hole of "Possible to login
    > to the remote host using a NULL session" I have a couple of NT
    > servers I disabled with a registry edit. Is there a way to
    > prevent this on the Samba servers or is it even a valid issue?

 AB > Samba HEAD starts to add some of this, but the manpage is
    > completely inaccurate...
    >
    > Set 'restrict anonymous = 1' should get you the start.
    >
    > I'm looking into how to best implement 'restrict anonymous = 2'.
    >
    > In the meantime, if you set 'auth methods = sam' (for standalone
    > servers) then it will skip the 'guest' module, and deny all
    > anonymous connections.  However, this will break browsing and
    > other services.

i have the same basic question -- i'm running samba 2.0.6 on some
linux boxes, and nessus complains about several "Risk factor: High"
bugs that all seem to boil down to the fact that IPC$ can be accessed
with any username and password.

i tried both the 'restrict anonymous = 1' and 'auth methods = sam'
tweaks suggested by andrew, but neither seems to make a difference --
smbclient can still connect to \\targethost\IPC$ using arbitrary
usernames and passwords.

i'm also unclear (both from my own lack of windows/samba knowledge and
from andrew's answer, quoted above) whether or not the ability to
access IPC$ using arbitrary usernames/passwords is actually a security
issue with samba/linux, or if this is perhaps only an issue for
genuine microsoft SMB implementations?

i've searched far and wide on th' net trying to find more information
about this, but other than the two e-mail messages quoted above, have
pretty much failed miserably.

any further information on this subject (e.g., whether or not IPC$
being exposed in this way is actually a security risk, possible
workarounds, including upgrading to newer versions of samba, etc.)
that folks might be able to provide would be much appreciated.

thanks in advance,

kirk
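
One way to confirm which of the two settings suggested in the quoted reply ('restrict anonymous' and 'auth methods') are actually set in a server's [global] section, as an added example that is not part of the original message or of Samba itself. The function names and the sample config are constructed here, and the script does not check whether a given Samba release honours either parameter.

```python
import re

# Settings named in the thread (assumption: only [global] is inspected).
WATCHED = ("restrict anonymous", "auth methods")

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized name: value} for the [global] section of smb.conf text."""
    params, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()  # later lines overwrite earlier ones here
    return params

def audit(text):
    """Map each watched setting to its configured value, or None if unset."""
    params = parse_global(text)
    return {w: params.get(norm(w)) for w in WATCHED}

# Constructed sample config, not taken from the thread.
SAMPLE = """\
; constructed example
[global]
   workgroup = EXAMPLE
   Restrict Anonymous = 1
   # auth methods = sam
[share1]
   restrict anonymous = 0
"""

if __name__ == "__main__":
    for name, value in audit(SAMPLE).items():
        print(f"{name}: {value if value is not None else 'not set'}")
```
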


