[Samba] security hole in Samba

wimax wimax at yandex.ru
Tue Aug 24 07:44:21 GMT 2004


Hi, security.

I have installed Debian woody and Samba 2.2.3a-13,
but this bug is present in Samba 3.0.

I have added two users to the system:

   "user1 psw1"
   "user2 psw2"
   The passwords in Samba are the same.
   (Both users are in the group "mtobackup"; on the folder
   "/home/MTOBackUp/122"
   g+s is set, i.e. mode 42770, group mtobackup.)

Sequence of actions:
1. We log in to Windows 2000 AS SP4 as "user1 psw1"
2. "net use k: \\ monster\mtobackup122 psw2 user1" - it says the password is not correct
3. "net use k: \\ monster\mtobackup122 psw1 user1" - it says the disk is successfully connected
4. We disconnect disk "k"
5. On the desktop, we right-click the "My Computer" icon and
choose "Explorer"; we browse the network, the domain "mto", in it we find the computer
"monster", and we browse to the share "/home/MTOBackUp/122". We close Explorer.

6. "net use k: \\ monster\mtobackup122 psw2 user1" - it says the disk is successfully connected
7. "net use l: \\ monster\mtobackup122 psw1 user1" - it says the disk is successfully connected


If step 5 is not done, everything works perfectly!!!!!!!!!!!

Problems:
It is possible for the user to connect with different passwords.

If the operating system is Windows 95 (not Windows 2000), then step 5 is not necessary at all
(connecting the user with different passwords
works without step 5).


I AM WAITING FOR AN ANSWER :)



-- 
 wimax                          mailto:wimax at yandex.ru

