[Samba] help with anonymous null sessions

Baurzhan Ismagulov ibr at radix50.net
Tue Jun 10 18:19:45 GMT 2008


I'm using samba 3.0.24-6etch9 on a Debian stable system. I've received a
vulnerability report from our CERT stating, among others:

Vulnerability: anonymous nullsession exploitable, can list open shares,
can read registry
ToDo: Allow only authenticated users access to shared components (remove
Tool Reference: ISS 170

So I've tried nessus on that, it reported the same. After some digging,
I was able to list users and shares using the following commands:

net rpc share list -S s -U%
net rpc user -S s -U%

Not sure about how I could read registry, or whether samba now has one.

So I added restrict anonymous = 2 to smb.conf and was no more able to
get the above info. I asked our CERT to rescan, and they still found the

So, I have two questions:

* Does either restrict anonymous = 2, or setting valid users do whatever
  Windows does when one removes Everyone from the IPC$ ACL? I'm using
  security = user.

* Is the reported problem solved with one of those settings?

* Is the tool above available for downloading?

I've read securing-samba.html, AccessControls.html, and numerous links
found by Google.

I would appreciate any help.

Thanks in advance,
Baurzhan Ismagulov

More information about the samba mailing list