Please excuse me if this has been covered, but I just noticed something odd with samba 2 beta 1. If I use smbclient to connect to a passworded resource on a win machine (I've tried it with 98/95) and I just hit enter for the password, it lets me in. No questions asked. So, I pretty much have unlimited read access to stuff I should not be able to get to.

Best Regards.

If this is the wrong list to send this to, please direct me in the right path.

---
Mark Deneen
deneen@bucknell.edu ICQ: 333068
http://www.students.bucknell.edu/deneen

revolutionary, adj.:
Repackaged.

Geez! This is a MAJOR Windows security bug! Security at the server shouldn't depend on clients being "nice". This is what happens when a protocol is treated as proprietary.

Mark Deneen wrote:
> Please excuse me if this has been covered, but I just noticed something odd
> with samba 2 beta 1. If I use smbclient to connect to a passworded resource on
> a win machine (I've tried it with 98/95) and I just hit enter for the password,
> it lets me in. No questions asked. So, I pretty much have unlimited read
> access to stuff I should not be able to get to.
>
> Best Regards.
>
> If this is the wrong list to send this to, please direct me in the right path.
> ---
> Mark Deneen
> deneen@bucknell.edu ICQ: 333068
> http://www.students.bucknell.edu/deneen
>
> revolutionary, adj.:
> Repackaged.

--
Juan Carlos Castro y Castro
jcastro@pcshop.com.br

Benjamin Scott wrote:
> On Mon, 16 Nov 1998, Juan Carlos Castro y Castro wrote:
> > This goes similar to the NT database corruption which MS tried to blame on Samba...
>
> I am new to the list, and disliking Microsoft is a hobby of mine, so if you
> don't mind: I'm curious. What database corruption, and how did MS try to
> blame it on Samba?

I couldn't find the old message in my archive, but it was about corrupting the NT security information database because of some packets Samba sent and NT didn't expect. I think it was in some v2 beta, but I can't remember the details. Can someone mine it for us?

--
Juan Carlos Castro y Castro
jcastro@pcshop.com.br

Benjamin Scott wrote:
> On Mon, 16 Nov 1998, Juan Carlos Castro y Castro wrote:
> > This goes similar to the NT database corruption which MS tried to blame on Samba...
>
> I am new to the list, and disliking Microsoft is a hobby of mine, so if you
> don't mind: I'm curious. What database corruption, and how did MS try to
> blame it on Samba?

I couldn't find the old message in my archive, but it was about corrupting the NT security information database because of some packets Samba sent and NT didn't expect. I think it was in some v2 beta, but I can't remember the details. Can someone mine it for us?

[Tim Wernick] I found it in Samba Digest 1797 "The Empire Strikes Back":

Unbelievable! These guys get more and more disgusting each day. But now I have a proof that Linux and all its free software community (samba included) are indeed growing and are indeed considered a threat by M$. Expect more and dirtier moves. Can you guys point me to more material on the subject?

[]'s,
Juan

> From: "Le Quellec, Francis" <FLeQuell@Teknor.com>
>
> Hi, we use a Windows NT to authenticate our users and I have a subnet with a
> Linux server as the router for that subnet.
>
> I run samba-the-latest on Linux and I was told by a Microsoft guy that
> this server may be the cause of the security problem on the NT server. It
> seems that samba is corrupting the user database on the NT server and my
> network admin thinks that the Linux server is the cause.

This is not (yet again) the scare that MS started over Samba breaking NT?

If an NT server database can be corrupted by Samba queries, there is something drastically wrong with NT, not with Samba.