[Samba] Vulnerabilities reported by Qualys scan
Przemek Klosowski
przemek at jazz.ncnr.nist.gov
Thu May 28 13:16:59 GMT 2009
Remote User List Disclosure Using NetBIOS (CVE-2000-1200)
Null Session/Password NetBIOS Access (CVE-1999-0519)
Is there anyway to address this besides disable guest account?
This is not a technical question about samba but rather a policy
question that you should direct to your IT security folks. I haven't
read the entry in detail, but
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1200 seems to
be a NT vulnerability, so you could argue that it does not apply to
your Linux server. 1999-0519 might be an accepted risk, because that
is how you set your share. See whether this carries water with your IT
security.
More information about the samba
mailing list