[Samba] security hole in Samba
wimax
wimax at yandex.ru
Tue Aug 24 07:44:21 GMT 2004
Hi, security.
I am install Debian woody and Samba 2.2.3a-13,
but this bugs Is present in Samba 3.0.
I am add two users in system:
"user1 psw1"
"user2 psw2"
At Samba the same passwords.
(Both users are included into group "mtobackup" (on a folder
"/home/MTOBackUp/122"
It is established g+s i.e.: Mode 42770 group-mtobackup))
Sequence actions:
1. We enter in Windows 2000 AS SP4 under "user1 psw1"
2. "net use k: \\ monster\mtobackup122 psw2 user1" - speaks not The correct password
3. "net use k: \\ monster\mtobackup122 psw1 user1" - speaks a disk It is successfully connected
4. We disconnect disk "k"
5. On desktop on a label " My Computer " we press the right button of a mousy and
We press "Explorer" we look through a network, the domain "mto", in it{him} we search for a computer
"monster", we look through to a sharing "/home/MTOBackUp/122". We close Explorer.
6. "net use k: \\ monster\mtobackup122 psw2 user1" Speaks a disk it is successfully connected
7. "net use l: \\ monster\mtobackup122 psw1 user1" Speaks a disk it is successfully connected
If item{point} 5. to not do{make} - All perfectly works!!!!!!!!!!!
Problems:
There is an opportunity of connection of the user under different passwords
If operational system Windows 95(not Windows 2000), that item{point} 5 to do{make} it is not necessary at all
(the opportunity of connection of the user under different passwords
works without item{point} 5).
I WAIT FOR THE ANSWER :)
--
wimax mailto:wimax at yandex.ru
More information about the samba
mailing list