[Samba] Samba 4.1.6 huge security flaw

bogdan_bartos admin at blackpenguin.org
Mon Apr 14 15:09:19 MDT 2014


Hi all,

I've been running Samba 4.1.6 in production for 2 weeks now and it's been
great. However I noticed a huge security flaw today that I hit only once. I
access Samba4 shares over the VPN, which is irrelevant since the security
access is user-based, not IP-based. What happens right after the connection
is that Windows tries to read the shares and some are empty, but they are not
supposed to be. Then, after about 3-5 minutes, the shares populate and I
would include this into normality.

However, I get to see the contents of shares that I SHOULD NOT have access
to. I tried to reproduce the same from the VPN of a Linux machine with the
same user and the access is denied as it should be. I tried the same from
another Windows machine over the VPN and access is denied. I also tried to
reproduce the same from within the same LAN and access is denied.

So, for whatever reason, from one specific Windows machine, I am able to
browse content with a user that was not granted the access. I checked the
security tab for the folder and the access looks ok. Still, a huge security
flaw is there and I do not know how to give you more details, but it needs
to be looked at.

I noticed the 3-5 minutes wait time on 2 Samba 4.1.6 servers since I am
running a production testing environment at home. However at home we are 3
users, but the server I noticed the issue on is running for 30 users. I
suspect something probably happens in the 3-5 minutes with the Windows
browsing and today I got access. I cannot provide more info, guys. The best I
can do is post logs if you tell me specifically what to look for. The bug was
noticed at around 2:50pm MST. Please tell me what you need, so I can assist.


