[Samba] Samba 2.2.5 Security Bug?

Gerald Carter jerry at samba.org
Tue Oct 8 13:13:01 GMT 2002

On Mon, 7 Oct 2002 imed at gmx.ch wrote:

> Does anyone know why normal users can set a blank samba password with the
> smbpasswd kommand by inserting <CR> twice after inserting the old passwd:
> ben at amo:% /opt/samba/bin/smbpasswd
> Old SMB password:<oldpasswd>
> New SMB password:<CR>
> Retype new SMB password:<CR>
> Password changed for user ben
> After that the user can map the samba shares with a blank password even if:
> null passwords = No
> and 
> guest ok = No
> in the smb.conf

Of the top of my head i would say that "\n" is not being recognized as 
"NO PASSWORDXXXXX".  Check the smbpasswd file.

cheers, jerry
 Hewlett-Packard                                     http://www.hp.com
 SAMBA Team                                       http://www.samba.org
 --                                            http://www.plainjoe.org
 "SAMS Teach Yourself Samba in 24 Hours" 2ed.       ISBN 0-672-32269-2
 --"I never saved anything for the swim back." Ethan Hawk in Gattaca--

More information about the samba mailing list