[Samba] security hole in Samba

Gerald (Jerry) Carter jerry at samba.org
Tue Aug 24 14:56:45 GMT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

wimax wrote:

| Sequence actions:
| 1. We enter in Windows 2000 AS SP4 under "user1 psw1"
| 2. "net use k: \\ monster\mtobackup122 psw2 user1"
|     - speaks not The correct password
| 3. "net use k: \\ monster\mtobackup122 psw1 user1"
|    - speaks a disk It is successfully connected
| 4. We disconnect disk "k"
| 5. On desktop on a label " My Computer " we press the
|    right button of a mousy and We press "Explorer" we
|    look through a network, the domain "mto", in it{him}
|    we search for a computer "monster", we
|    look through to a sharing "/home/MTOBackUp/122".
|    We close Explorer.

At this point you have reconnected to the server
using the crddentials you logged onto the console
with (user1/psw1).

| 6. "net use k: \\ monster\mtobackup122 psw2 user1"
|    Speaks a disk it is successfully connected
| 7. "net use l: \\ monster\mtobackup122 psw1 user1"
|    Speaks a disk it is successfully connected
|
| If item{point} 5. to not do{make} - All perfectly
| works!!!!!!!!!!!

I have reproduced your behavior somewhat, but the problem is
that the Windows client network redirector is usingyour
cached credentials from step #5 when you connected and
ignores the password you entered in step #6.

In fact, if you look at teh network traffic there is no
SMBsessetup&X call for the 'net use' issued in step #6
because Windows knows it already has an established session
to the server.

So while this may be confusing, it is Window's designed
behavior.





cheers, jerry
- ---------------------------------------------------------------------
Alleviating the pain of Windows(tm)      ------- http://www.samba.org
GnuPG Key                ----- http://www.plainjoe.org/gpg_public.asc
"If we're adding to the noise, turn off this song"--Switchfoot (2003)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFBK1ctIR7qMdg1EfYRAlekAKDntRejb9Pw3u8YVb43X5b+XXq4KQCgoHKF
3GpW7EROoPtlgcmwOthg8cs=
=4z4R
-----END PGP SIGNATURE-----


More information about the samba mailing list