[Samba] IPC$ share accessible with arbitrary usernames/passwords
kirk johnson
tuna at indra.com
Tue Nov 19 14:45:01 GMT 2002
AB = andrew bartlett
AB > Both options are only in Samba 3.0. Run 'testparm', before you
> wonder why an option doesn't work.
ah, now i understand what you meant by "samba HEAD".
AB > It's an information leak - an unauthenticated user can find out
> a list of all users. Interestingly, much of this information
> can be inferred from other calls that are not controlled by
> 'restrict anonymous = 1'.
okay.
AB > Samba 3.0 implements 'restrict anonymous = 1'. I'm about to add
> 'restrict anonymous = 2' support. (Which locks down all guest
> access to IPC$, but breaks lots of things, like PDC and browse
> master support).
so is it fair to say that this "hole" is not completely closed by any
currently-released versions of samba?
tx,
kirk