[Samba] Vulnerabilities reported by Qualys scan

Przemek Klosowski przemek at jazz.ncnr.nist.gov
Thu May 28 13:16:59 GMT 2009

   Remote User List Disclosure Using NetBIOS (CVE-2000-1200) 
   Null Session/Password NetBIOS Access (CVE-1999-0519)

   Is there anyway to address this besides disable guest account?

This is not a technical question about samba but rather a policy
question that you should direct to your IT security folks.  I haven't
read the entry in detail, but
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1200 seems to
be a NT vulnerability, so you could argue that it does not apply to
your Linux server. 1999-0519 might be an accepted risk, because that
is how you set your share. See whether this carries water with your IT

More information about the samba mailing list