Hello,

I'm using samba 3.0.24-6etch9 on a Debian stable system. I've received a vulnerability report from our CERT stating, among others:

    Vulnerability: anonymous nullsession exploitable, can list open shares, can read registry
    ToDo: Allow only authenticated users access to shared components (remove 'everyone')
    Tool Reference: ISS 170

So I've tried nessus on that, it reported the same. After some digging, I was able to list users and shares using the following commands:

    net rpc share list -S s -U%
    net rpc user -S s -U%

Not sure about how I could read registry, or whether samba now has one.

So I added

    restrict anonymous = 2

to smb.conf and was no longer able to get the above info. I asked our CERT to rescan, and they still found the problem.

So, I have two questions:

* Does either restrict anonymous = 2, or setting valid users, do whatever Windows does when one removes Everyone from the IPC$ ACL? I'm using security = user.
* Is the reported problem solved with one of those settings?
* Is the tool above available for downloading?

I've read securing-samba.html, AccessControls.html, and numerous links found by Google. I would appreciate any help.

Thanks in advance,

-- 
Baurzhan Ismagulov
http://www.kz-easy.com/
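As an added example (not part of the original post, and not Samba's own tooling), here is a small shell audit that reads the `restrict anonymous` level from the [global] section of an smb.conf, so a scan like the one above can be cross-checked against the actual configuration before asking for a rescan. It assumes a POSIX sh with awk, and the two smb.conf files it checks are constructed inline for demonstration.

```shell
#!/bin/sh
# Added example, not from the original post or from Samba itself.
# Print the 'restrict anonymous' level configured in [global] of the
# smb.conf given as $1. Samba ignores case and whitespace in parameter
# names, so names are normalised before matching; the last occurrence
# wins, and 0 (Samba's default) is printed when the parameter is absent.
restrict_anonymous_level() {
    awk -F= '
        /^[[:space:]]*[;#]/ { next }          # skip comment lines
        /^[[:space:]]*\[/ {                   # section header, e.g. [global]
            s = tolower($0); gsub(/[^a-z]/, "", s)
            in_global = (s == "global"); next
        }
        in_global && NF >= 2 {
            k = tolower($1); gsub(/[^a-z]/, "", k)
            if (k == "restrictanonymous") { v = $2; gsub(/[^0-9]/, "", v); level = v }
        }
        END { print (level == "" ? 0 : level) }
    ' "$1"
}

# Exit status 0 when anonymous share/user enumeration over IPC$ is blocked
# (restrict anonymous = 2), non-zero otherwise.
check_restrict_anonymous() {
    [ "$(restrict_anonymous_level "$1")" -ge 2 ]
}

# Constructed sample configurations: one weak (default), one hardened.
WEAK_CONF=$(mktemp); HARDENED_CONF=$(mktemp)
trap 'rm -f "$WEAK_CONF" "$HARDENED_CONF"' EXIT
cat > "$WEAK_CONF" <<'EOF'
[global]
   workgroup = WORKGROUP
   security = user
[public]
   path = /srv/public
EOF
cat > "$HARDENED_CONF" <<'EOF'
[global]
   workgroup = WORKGROUP
   security = user
   ; refuse anonymous (null session) access to IPC$
   Restrict Anonymous = 2
[public]
   path = /srv/public
EOF
```

Run `check_restrict_anonymous /etc/samba/smb.conf` against a real file; a non-zero exit means the null-session enumeration shown in the post is still permitted by the configuration.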