[Samba] security hole in Samba

[Rashkae]

Sounds to me as though Windows is simply caching a successful
password, and gives it a try.  Not a Samba security hole at all.


On Tue, Aug 24, 2004 at 10:44:21AM +0300, wimax wrote: > Hi, security.
> > I am install Debian woody and Samba 2.2.3a-13, > but this bugs Is
present in Samba 3.0.  > > I am add two users in system: > > "user1
psw1" > "user2 psw2" > At Samba the same passwords.  > (Both users are
included into group "mtobackup" (on a folder > "/home/MTOBackUp/122" >
It is established g+s i.e.: Mode 42770 group-mtobackup)) > > Sequence
actions: > 1. We enter in Windows 2000 AS SP4 under "user1 psw1" >
2. "net use k: \\ monster\mtobackup122 psw2 user1" - speaks not The
correct password > 3. "net use k: \\ monster\mtobackup122 psw1 user1"
- speaks a disk It is successfully connected > 4. We disconnect disk
"k" > 5. On desktop on a label " My Computer " we press the right
button of a mousy and > We press "Explorer" we look through a network,
the domain "mto", in it{him} we search for a computer > "monster", we
look through to a sharing "/home/MTOBackUp/122". We close Explorer.  >
> 6. "net use k: \\ monster\mtobackup122 psw2 user1" Speaks a disk it
is successfully connected > 7. "net use l: \\ monster\mtobackup122
psw1 user1" Speaks a disk it is successfully connected > > > If
item{point} 5. to not do{make} - All perfectly works!!!!!!!!!!!  > >
Problems: > There is an opportunity of connection of the user under
different passwords > > If operational system Windows 95(not Windows
2000), that item{point} 5 to do{make} it is not necessary at all >
(the opportunity of connection of the user under different passwords >
works without item{point} 5).  > > > I WAIT FOR THE ANSWER :) > > > >
-- > wimax mailto:wimax at yandex.ru > -- > To unsubscribe from this list
go to the following URL and read the > instructions:
http://lists.samba.org/mailman/listinfo/samba