[Samba] Vulnerabilities reported by Qualys scan
Frank Gruman
fgatwork at verizon.net
Thu May 28 03:26:47 GMT 2009
On Wed, 2009-05-27 at 10:41 -0500, Xu, Ying (Houston) wrote:
> Did anyone encounter this kind of audit issue at all?
>
> Thanks
>
> Ying
>
>
> -----Original Message-----
> From: samba-bounces+ying.xu=littonloan.com at lists.samba.org
> [mailto:samba-bounces+ying.xu=littonloan.com at lists.samba.org] On Behalf
> Of Xu, Ying (Houston)
> Sent: Friday, May 22, 2009 11:01 AM
> To: samba at lists.samba.org
> Subject: [Samba] Vulnerabilities reported by Qualys scan
>
> We are running samba services on several solaris10 servers for the users
> that need to read reports/logs on their windows workstation. The shares
> are shared read-only and allowed guest account since most of users do
> not have unix accounts. Our company recently started Qualys scan on all
> servers, and we need to address the vulnerabilities reported. We are
> getting the following vulnerabilities regarding the samba services:
>
> Remote User List Disclosure Using NetBIOS (CVE-2000-1200)
> Null Session/Password NetBIOS Access (CVE-1999-0519)
>
> Is there any way to address this besides disabling the guest account?
>
>
> Thanks
>
> Ying Xu <yxu at littonloan.com>
> Unix Group
I used to run into security scans and mitigation requirements all the
time. From a variety of scan tools...

A _VERY_ brief Google search (CVE-2000-1200 samba) led me to
http://www.rapid7.com/vulndb/lookup/cifs-nt-0002 where you can find
instructions on mitigating that issue (there are Windows sections, a
Samba section, and a Novell section - just scroll). The second issue
was also found with a similar search and results -
http://www.rapid7.com/vulndb/lookup/cifs-nt-0001.

I have typically found that these scan tools will give you a general
idea of how to mitigate these issues (perhaps Windows-centric in this
case) but still a hint nonetheless. Even Qualys gives you that much.

Regards,
Frank