[Samba] Nessus test issues with open shares

Jeremy Allison jra at samba.org
Wed May 28 17:39:33 GMT 2008


On Wed, May 28, 2008 at 12:58:12PM -0400, Joseph P Villa wrote:
> Hi,
> 
> My name is Joseph Villa, I'm new to the message boards and I'm also new to 
> Samba. I just got an e-mail back on our Nessus scans.. Here are the 2 that 
> are relevant..
> 
> 1.) The remote host has accessible LOGS$ share. 
> 
> ScriptLogic creates this share to store the logs, but does not properly 
> set the permissions on it. As a result, anyone 
> can use it to read the remote logs. 
> 
> Solution: Limit access to this share to the backup account and the Domain 
> Administrator. 
> 
> 
> 
> 
> 2.) Backup share can be accessed without authentication. 
> 
> The remote host has an accessible ARCSERVE$ share. 
> 
> Several versions of ARCserve store the backup agent username and password 
> in cleartext in this share. 
> An attacker may use this flaw to obtain the password file of the remote 
> backup agent and use it to gain privileges on the host. 
> 
> Solution is to limit the access to this share to backup account and domain 
> administrator. 
> 
> 
> 
> Both of these are off of our Sun server running Solaris 10 as the OS. I'm 
> thinking both directories are being shared via Samba. Although
> there is much I don't know about this system. Has anyone out there run 
> into the same issue?

Post your smb.conf so we can see what shares you have defined.

Jeremy.
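Both Nessus findings come down to the same smb.conf question Jeremy is asking about: which shares allow a connection without a password, and which ones lack a `valid users` restriction. The script below is an added example, not code from the thread or from the Samba project. It embeds two constructed smb.conf fragments (share names from the scan, but the paths, workgroup and the `backup` / `Domain Admins` account names are assumptions): one in the state the scan describes and one limited to the backup account and Domain Admins, as both Nessus solutions ask for, and reports what an unauthenticated scanner could reach in each.

```python
"""Audit an smb.conf for shares reachable without a password.

Added example for this thread; it is not code from the Samba project or from
either poster. Paths and account names below are constructed.
"""
import re
from typing import Dict, List, Optional

# Constructed smb.conf in the state the Nessus findings describe: both
# shares accept anonymous (guest) tree connects.
WEAK_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   security = user
   map to guest = Bad User

; ScriptLogic log share, readable by anyone
[LOGS$]
   path = /export/scriptlogic/logs
   guest ok = yes
   read only = yes

; ARCserve agent share ("public" is a synonym for "guest ok")
[ARCSERVE$]
   path = /export/arcserve
   public = yes
"""

# The same shares limited to the backup account and Domain Admins.
# "browseable = no" only hides them from the share list; "guest ok = no"
# plus "valid users" is what actually restricts access.
FIXED_SMB_CONF = """
[global]
   workgroup = EXAMPLE
   security = user
   map to guest = Never

[LOGS$]
   path = /export/scriptlogic/logs
   guest ok = no
   valid users = backup, @"Domain Admins"
   browseable = no

[ARCSERVE$]
   path = /export/arcserve
   guest ok = no
   valid users = backup, @"Domain Admins"
   browseable = no
"""

_SECTION_RE = re.compile(r"^\[(.+)\]$")


def parse_smb_conf(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal smb.conf reader: [sections], 'key = value', '#' or ';' comments.
    Parameter names are case-insensitive and may contain spaces, so they are
    stored lower-cased with single spaces; values are kept verbatim."""
    conf: Dict[str, Dict[str, str]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        match = _SECTION_RE.match(line)
        if match:
            section = match.group(1).strip()
            conf.setdefault(section, {})
            continue
        if section is None or "=" not in line:
            continue
        key, _, value = line.partition("=")
        conf[section][" ".join(key.lower().split())] = value.strip()
    return conf


def _is_yes(value: str) -> bool:
    return value.strip().lower() in ("yes", "true", "1")


def _param(share: Dict[str, str], *names: str) -> Optional[str]:
    """Return the first of several synonymous parameters that is set."""
    for name in names:
        if name in share:
            return share[name]
    return None


def audit_shares(conf: Dict[str, Dict[str, str]]) -> Dict[str, List[str]]:
    """Return {section: [findings]} for shares an unauthenticated client could
    open, plus a 'global' entry if failed logins are mapped to the guest user."""
    findings: Dict[str, List[str]] = {}
    map_to_guest = conf.get("global", {}).get("map to guest", "Never")
    if map_to_guest.strip().lower() != "never":
        findings["global"] = [f"map to guest = {map_to_guest}: failed logins become the guest user"]
    for name, share in conf.items():
        if name.lower() == "global":
            continue
        issues: List[str] = []
        guest = _param(share, "guest ok", "public")
        guest_only = _param(share, "guest only", "only guest")
        if (guest and _is_yes(guest)) or (guest_only and _is_yes(guest_only)):
            issues.append("guest ok = yes: no password needed to connect")
        if _param(share, "valid users") is None:
            issues.append("no 'valid users' list: any account that can log in may connect")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for label, text in (("weak", WEAK_SMB_CONF), ("fixed", FIXED_SMB_CONF)):
        print(f"== {label} ==")
        for section, issues in audit_shares(parse_smb_conf(text)).items():
            for issue in issues:
                print(f"[{section}] {issue}")
```

On a real server, feed it the output of `testparm -s`, which prints the effective configuration with includes and defaults resolved, rather than the raw file, so that a `guest ok` inherited from `[global]` is not missed.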
