Disabling LM authentication
David Collier-Brown
David.Collier-Brown at canada.sun.com
Mon Nov 27 19:43:07 GMT 2000
Gerald Carter wrote:
> hmmm....downgrade attacks are server based. I'm not sure
> what this gains you. If a client wants to send you
> a list of older protocols, then that's the client's decision.
Sure, but if the client's trying an attack via
brute-forcing the old low-variability LM hashes,
(as mentioned in Hobbit's CIFS insecurities paper)
we don't want to help them out!
See Mudge's email and L0phtcrack paper at
http://www.insecure.org/sploits/l0phtcrack.lanman.problems.html
for a quick overview of the problem: the longer
paper at http://www.neohapsis.com/resources/docs/hobbit-cifs.txt
explains how to use the weakness over the wire.
> > Not to speak about our passing through rarely-tested
> > code (;-))
> I could see this as an argument, but not a security risk
> really. Am I missing something?
It's a general risk, not a security one: I do notice the
overflow attack is specific to protocols less than NT1,
though, which is an example of a security issue.
[In ./smbd/reply.c, line 693]
    if (Protocol < PROTOCOL_NT1) {
        smb_apasslen = SVAL(inbuf,smb_vwv7);
        if (smb_apasslen > MAX_PASS_LEN)
            overflow_attack(smb_apasslen);
--dave (who used to be a professional paranoid for a supplier
to External Affairs, and never really got over it) c-b
--
David Collier-Brown, | Always do right. This will gratify some people
185 Ellerslie Ave., | and astonish the rest. -- Mark Twain
Willowdale, Ontario | //www.oreilly.com/catalog/samba/author.html
Work: (905) 415-2849 Home: (416) 223-8968 Email: davecb at canada.sun.com
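
Added example (not part of the original message and not Samba's code): a self-contained C sketch of the length check in the quoted reply.c excerpt, extended with a second check that the declared length also fits in the bytes actually received. The offsets, the MAX_PASS_LEN value and the names extract_password and try_packet are assumptions made for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed values for this sketch; not taken from Samba's headers. */
#define MAX_PASS_LEN 200  /* assumed capacity of the password buffer */
#define PASSLEN_OFF  4    /* hypothetical offset of the 16-bit length field */
#define PASS_OFF     6    /* hypothetical offset of the password bytes */

enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_OVERLONG = -2 };

/* Little-endian 16-bit read, the byte order SMB uses on the wire. */
static uint16_t rd16le(const uint8_t *p)
{
    return (uint16_t)(p[0] | (p[1] << 8));
}

/* Copy the password blob out of inbuf; out must hold MAX_PASS_LEN + 1 bytes. */
int extract_password(const uint8_t *inbuf, size_t inlen,
                     uint8_t *out, size_t *outlen)
{
    uint16_t passlen;

    if (inlen < PASS_OFF)               /* length field not fully received */
        return PARSE_TRUNCATED;
    passlen = rd16le(inbuf + PASSLEN_OFF);
    if (passlen > MAX_PASS_LEN)         /* the check in the quoted snippet */
        return PARSE_OVERLONG;
    if (passlen > inlen - PASS_OFF)     /* claims more bytes than were sent */
        return PARSE_TRUNCATED;
    memcpy(out, inbuf + PASS_OFF, passlen);
    out[passlen] = '\0';
    *outlen = passlen;
    return PARSE_OK;
}

/* Build a constructed packet declaring `declared` bytes but carrying `sent`. */
int try_packet(uint16_t declared, size_t sent)
{
    uint8_t pkt[PASS_OFF + 1024] = {0}, out[MAX_PASS_LEN + 1];
    size_t outlen = 0;

    if (sent > 1024)
        return PARSE_TRUNCATED;
    pkt[PASSLEN_OFF] = (uint8_t)(declared & 0xff);
    pkt[PASSLEN_OFF + 1] = (uint8_t)(declared >> 8);
    memset(pkt + PASS_OFF, 'A', sent);
    return extract_password(pkt, PASS_OFF + sent, out, &outlen);
}
```

Both checks run before the memcpy, so a length field that exceeds either the destination buffer or the received data is rejected without touching memory.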