The Hermit Hacker
1999-May-11 13:52 UTC
Security related bug/issue ... or mis-configuration?
Morning... Attached are two files. The first (smb.session) shows one user connecting to two different shares on a remote server using *no* password... The second is the smb.conf file found on that remote server, running Solaris 2.6, and Samba 2.0.3 ... I'm *really* hoping that its something that we're overlooking as far as configuration is concerned...or else there is one helluva large hole in Samba :( Authentication, as shown, is to thor.acadiau.ca, which is an NT server... Any help *much* appreciated... Thanks... Marc G. Fournier ICQ#7615664 IRC Nick: Scrappy Systems Administrator @ hub.org primary: scrappy@hub.org secondary: scrappy@{freebsd|postgresql}.org -------------- next part -------------- sandman:~$ smbclient \\\\relay\\dcurrie -U dcurrie Unable to open configuration file "/opt/samba/lib/smb.conf"! pm_process retuned false Can't load /opt/samba/lib/smb.conf - run testparm to debug it Added interface ip=131.162.129.111 bcast=131.162.135.255 nmask=255.255.248.0 Server time is Tue May 11 10:17:53 1999 Timezone is UTC-3.0 Password: Domain=[ACADIA] OS=[Unix] Server=[Samba 2.0.3] smb: \> ls local.login 575 Fri Jul 10 10:48:44 1998 local.profile 560 Fri Jul 10 10:48:44 1998 .profile H 144 Fri Jul 10 10:48:44 1998 local.cshrc 124 Fri Jul 10 10:48:44 1998 .forward H 28 Wed Jul 15 11:29:07 1998 public_html D 0 Thu Oct 8 13:26:27 1998 www D 0 Mon Oct 26 11:14:51 1998 test.cgi A 738 Sun Oct 25 15:20:02 1998 test.txt 1530 Mon Feb 8 09:51:27 1999 57112 blocks of size 131072. 20832 blocks available smb: \> exit sandman:~$ smbclient \\\\relay\\chtaylor -U chtaylor Unable to open configuration file "/opt/samba/lib/smb.conf"! pm_process retuned false Can't load /opt/samba/lib/smb.conf - run testparm to debug it .history H 477 Mon May 10 15:11:52 1999 xrelay A 99 Fri Jul 25 14:47:58 1997 .local DH 0 Fri Sep 12 13:44:54 1997 .vacation.dir H 0 Mon Jul 28 10:01:09 1997 .vacation.pag H 0 Mon Jul 28 10:01:09 1997 Mail D 0 Fri Sep 12 13:44:54 1997 www D 0 Mon May 10 15:09:44 1999 .Xauthority H 101 Mon May 10 15:10:36 1999 57112 blocks of size 131072. 20832 blocks available smb: \> exit sandman:~$ -------------- next part -------------- [global] deadtime = 5 workgroup = ACADIA server string = Samba Server on Relay hosts allow = 131.162. load printers = yes printcap name = lpstat log level = 1 log file = /usr/local/var/samba/log.%m max log size = 50 security = server password server = thor.acadiau.ca encrypt passwords = yes socket options = TCP_NODELAY dns proxy = no [homes] comment = Home Directories map archive = yes map system = yes map hidden = yes path = %H browseable = no writable = yes [www] comment = Personal WWW Directories browseable = no writable = yes path = %H/www [aics] comment = Acadia Institute of Case Studies path = /usr/local/lib/www/fps/business/aics public = no writable = yes valid users = marc, follows, 028219c [businessgrads] comment = School of Business Graduates Web Site path = /usr/local/lib/www/businessgrads public = no writable = yes valid users = marc, hare, 018916f, 019066b force user = hare [csclub] comment = Computer Science Club path = /usr/local/lib/www/clubs/csclub public = no writable = yes valid users = 020332d force user = 020332d [printers] comment = All Printers path = /tmp browseable = no guest ok = no writable = no printable = yes create mode = 0700 print command = /usr/ucb/lpr -h -P%p /tmp/%s ; rm /tmp/%s & lpq command = /bin/lpstat -o %p & lprm command = /usr/bin/cancel %p-%j &
The Hermit Hacker wrote:> > I'm *really* hoping that its something that we're overlooking as > far as configuration is concerned...or else there is one helluva large > hole in Samba :( >Whaddya expect, huh? Just see _hosts allow_ parameter, this explains everything... Michal
Maybe Matching Threads
- Security related bug/issue ... or mis-configuration? (fwd)
- [2.0.7pre1] found 'server = domain' directive ...
- 3.86-pre1 gpxelinux.0 SIS900 long boot time / fails to boot / no entries in tftp server log
- Interdomain trusts (Bind NACK received on pipe)
- [2.0.7pre1] --with-utmp enabled ...