[Samba] Possible SMBd Remote File Creation Vulnerability again?
Clint Sharp
clint at typhoon.org
Mon Apr 5 06:42:23 GMT 2004
On Sun, 2004-04-04 at 23:15, Ignacio Bustamante wrote:
> Hi,
>
> Five days ago (2004/03/31) someone was able to obtain a list of *all* the
> unix user names of my machine (a Redhat 9 w/ latest patches) and then
> started trying to log as a samba user (about 400 tries per user name). Upon
> noticing this strange behavior I immediately proceeded to block all ports
> related to samba, and to put the story short, fortunately or should I say
> hopefully the individual trying to get entry was not able to log into my
> machine according to other logs.
>
> Later on while searching the Internet for information on this problem,
> came upon the "SMBd Remote File Creation Vulnerability" published on the
> year 2001, and referring to samba versions 2.0.7 and 2.0.8.,.. Well this is
> year 2004, and I am using version "2.2.7a-security-rollup-fix.", could this
> mean that this vulnerability either was never fixed or that it is present
> again? any info will be appreciated
>
> BTW, Just, in case I applied temporary fix suggested on the 2001
> information, by changing the log name from "%m.log" to "log.%m"
>
> Thanks in advance
>
> --Ignacio
A copy of your smb.conf would have helped. Do you have a guest account
enabled on your samba config? It sounds like someone was able to
enumerate your userlist, which would require access to the IPC$ share,
which any user who could authenticate (even guest) should be able to
do. I'd highly recommend as a general practice not exposing SMB or CIFS
shares to the Internet or an untrusted network, as even though Samba is
more secure than say Windows, it's still just not a good idea unless
there's a legitimate justification for it. Even so, SFTP or some other
more secure file transfer mechanism would be a better option (or if
there are trusted users on the Internet, have them tunnel the SMB
traffic through SSH or an IPSEC tunnel).
Clint
More information about the samba
mailing list