[Samba] Samba 2.2.5 Security Bug?

imed at gmx.ch imed at gmx.ch
Mon Oct 7 16:55:01 GMT 2002


Does anyone know why normal users can set a blank samba password with the
smbpasswd kommand by inserting <CR> twice after inserting the old passwd:

ben at amo:% /opt/samba/bin/smbpasswd
Old SMB password:<oldpasswd>
New SMB password:<CR>
Retype new SMB password:<CR>
Password changed for user ben

After that the user can map the samba shares with a blank password even if:

null passwords = No


guest ok = No

in the smb.conf

Thanks in advance


+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

More information about the samba mailing list