Paul Bradshaw
2004-Jun-23 15:02 UTC
[Samba] samba security question - samba vulnerable to any Windows Exploits?
Hi there, I'm unclear on this warning I got from NeWT when I scanned my Linux workstation. Could someone clarify for me if I should be worried? Thanks, ...Paul ------------------------ microsoft-ds (445/tcp) It was possible to log into the remote host using the following login/password combinations : 'administrator'/'' 'administrator'/'administrator' 'guest'/'' 'guest'/'guest' It was possible to log into the remote host using a NULL session. The concept of a NULL session is to provide a null username and a null password, which grants the user the 'guest' access To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and Q246261 (Windows 2000). Note that this won't completely disable null sessions, but will prevent them from connecting to IPC$ Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html The remote host defaults to guest when a user logs in using an invalid login. For instance, we could log in using the account 'nessus/nessus' All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, CAN-2002-1117 BID : 494, 990 Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394> The following shares can be accessed using a NULL session : - IPC$ - (readable?, writeable?) *Solution : To restrict their access under WindowsNT, open the explorer, do a right click on each, go to the 'sharing' tab, and click on 'permissions' Risk factor : High CVE : CAN-1999-0519, CAN-1999-0520 BID : 8026 * Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396>