[Samba] samba security question - samba vulnerable to any
WindowsExploits?
Paul Bradshaw
bradshaw at wintermute.alumni.uoguelph.ca
Wed Jun 23 15:14:29 GMT 2004
Hi Ryan,
I am not authenticating to any Windows server, I just have the samba
server itself set up with 3 users who an login.
...Paul
Ryan Frantz wrote:
>Paul,
>
>Are you using a Windows PDC or ADS to authenticate your Samba shares?
>If so, the problem would not be with Samba, but with the authenticating
>server.
>
>Ryan
>
>-----Original Message-----
>From: samba-bounces+ryanfrantz=informed-llc.com at lists.samba.org
>[mailto:samba-bounces+ryanfrantz=informed-llc.com at lists.samba.org] On
>Behalf Of Paul Bradshaw
>Sent: Wednesday, June 23, 2004 11:02 AM
>To: samba at lists.samba.org
>Subject: [Samba] samba security question - samba vulnerable to any
>WindowsExploits?
>
>
>Hi there,
>
>I'm unclear on this warning I got from NeWT when I scanned my Linux
>workstation. Could someone clarify for me if I should be worried?
>
>Thanks,
>
>...Paul
>------------------------
>microsoft-ds (445/tcp)
>
>
>
>It was possible to log into the remote host using the following
>login/password combinations :
>'administrator'/''
>'administrator'/'administrator'
>'guest'/''
>'guest'/'guest'
>
>It was possible to log into the remote host using a NULL session.
>The concept of a NULL session is to provide a null username and
>a null password, which grants the user the 'guest' access
>
>To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and
>Q246261 (Windows 2000).
>Note that this won't completely disable null sessions, but will
>prevent them from connecting to IPC$
>Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html
>
>The remote host defaults to guest when a user logs in using an invalid
>login. For instance, we could log in using the account 'nessus/nessus'
>
>
>All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE
>CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505,
>CAN-2002-1117
>BID : 494, 990
>Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394>
>
>
>The following shares can be accessed using a NULL session :
>
>- IPC$ - (readable?, writeable?)
>
>
>*Solution : To restrict their access under WindowsNT, open the explorer,
>
>do a right click on each,
>go to the 'sharing' tab, and click on 'permissions'
>Risk factor : High
>CVE : CAN-1999-0519, CAN-1999-0520
>BID : 8026
>*
>
>Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396>
>
>
More information about the samba
mailing list