[Samba] Possible SMBd Remote File Creation Vulnerability again?

Ignacio Bustamante ignaciob at 123plaza.com
Mon Apr 5 06:15:11 GMT 2004


Five days ago (2004/03/31) someone was able to obtain a list of *all* the 
unix user names of my machine (a Redhat 9 w/ latest patches) and then 
started trying to log as a samba user (about 400 tries per user name). Upon 
noticing this strange behavior I immediately proceeded to block all ports 
related to samba, and to put the story short, fortunately or should I say 
hopefully the individual trying to get entry was not able to log into my 
machine according to other logs.

Later on while searching the Internet  for information on this problem, 
came upon the "SMBd Remote File Creation Vulnerability" published on the 
year 2001, and referring to samba versions 2.0.7 and 2.0.8.,.. Well this is 
year 2004, and I am using version "2.2.7a-security-rollup-fix.", could this 
mean that this vulnerability either was never fixed or that it is present 
again? any info will be appreciated

BTW, Just, in case I applied temporary fix suggested on the 2001 
information, by changing the log name from "%m.log" to "log.%m"

Thanks in advance


More information about the samba mailing list