Paul Bradshaw
2004-Jun-23 15:13 UTC
[Samba] samba security question - samba vulnerable to any WindowsExploits?
Hi Ryan, I am not authenticating to any Windows server, I just have the samba server itself set up with 3 users who an login. ...Paul Ryan Frantz wrote:>Paul, > >Are you using a Windows PDC or ADS to authenticate your Samba shares? >If so, the problem would not be with Samba, but with the authenticating >server. > >Ryan > >-----Original Message----- >From: samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org >[mailto:samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org] On >Behalf Of Paul Bradshaw >Sent: Wednesday, June 23, 2004 11:02 AM >To: samba@lists.samba.org >Subject: [Samba] samba security question - samba vulnerable to any >WindowsExploits? > > >Hi there, > >I'm unclear on this warning I got from NeWT when I scanned my Linux >workstation. Could someone clarify for me if I should be worried? > >Thanks, > >...Paul >------------------------ >microsoft-ds (445/tcp) > > > >It was possible to log into the remote host using the following >login/password combinations : >'administrator'/'' >'administrator'/'administrator' >'guest'/'' >'guest'/'guest' > >It was possible to log into the remote host using a NULL session. >The concept of a NULL session is to provide a null username and >a null password, which grants the user the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html > >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, >CAN-2002-1117 >BID : 494, 990 >Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394> > > >The following shares can be accessed using a NULL session : > >- IPC$ - (readable?, writeable?) > > >*Solution : To restrict their access under WindowsNT, open the explorer, > >do a right click on each, >go to the 'sharing' tab, and click on 'permissions' >Risk factor : High >CVE : CAN-1999-0519, CAN-1999-0520 >BID : 8026 >* > >Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396> > >
Paul Bradshaw
2004-Jun-23 15:14 UTC
[Samba] samba security question - samba vulnerable to any WindowsExploits?
Hi Ryan, I am not authenticating to any Windows server, I just have the samba server itself set up with 3 users who an login. ...Paul Ryan Frantz wrote:>Paul, > >Are you using a Windows PDC or ADS to authenticate your Samba shares? >If so, the problem would not be with Samba, but with the authenticating >server. > >Ryan > >-----Original Message----- >From: samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org >[mailto:samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org] On >Behalf Of Paul Bradshaw >Sent: Wednesday, June 23, 2004 11:02 AM >To: samba@lists.samba.org >Subject: [Samba] samba security question - samba vulnerable to any >WindowsExploits? > > >Hi there, > >I'm unclear on this warning I got from NeWT when I scanned my Linux >workstation. Could someone clarify for me if I should be worried? > >Thanks, > >...Paul >------------------------ >microsoft-ds (445/tcp) > > > >It was possible to log into the remote host using the following >login/password combinations : >'administrator'/'' >'administrator'/'administrator' >'guest'/'' >'guest'/'guest' > >It was possible to log into the remote host using a NULL session. >The concept of a NULL session is to provide a null username and >a null password, which grants the user the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html > >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, >CAN-2002-1117 >BID : 494, 990 >Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394> > > >The following shares can be accessed using a NULL session : > >- IPC$ - (readable?, writeable?) > > >*Solution : To restrict their access under WindowsNT, open the explorer, > >do a right click on each, >go to the 'sharing' tab, and click on 'permissions' >Risk factor : High >CVE : CAN-1999-0519, CAN-1999-0520 >BID : 8026 >* > >Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396> > >
Paul Bradshaw
2004-Jun-23 15:14 UTC
[Samba] samba security question - samba vulnerable to any WindowsExploits?
Hi Ryan, I am not authenticating to any Windows server, I just have the samba server itself set up with 3 users who an login. ...Paul Ryan Frantz wrote:>Paul, > >Are you using a Windows PDC or ADS to authenticate your Samba shares? >If so, the problem would not be with Samba, but with the authenticating >server. > >Ryan > >-----Original Message----- >From: samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org >[mailto:samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org] On >Behalf Of Paul Bradshaw >Sent: Wednesday, June 23, 2004 11:02 AM >To: samba@lists.samba.org >Subject: [Samba] samba security question - samba vulnerable to any >WindowsExploits? > > >Hi there, > >I'm unclear on this warning I got from NeWT when I scanned my Linux >workstation. Could someone clarify for me if I should be worried? > >Thanks, > >...Paul >------------------------ >microsoft-ds (445/tcp) > > > >It was possible to log into the remote host using the following >login/password combinations : >'administrator'/'' >'administrator'/'administrator' >'guest'/'' >'guest'/'guest' > >It was possible to log into the remote host using a NULL session. >The concept of a NULL session is to provide a null username and >a null password, which grants the user the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html > >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, >CAN-2002-1117 >BID : 494, 990 >Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394> > > >The following shares can be accessed using a NULL session : > >- IPC$ - (readable?, writeable?) > > >*Solution : To restrict their access under WindowsNT, open the explorer, > >do a right click on each, >go to the 'sharing' tab, and click on 'permissions' >Risk factor : High >CVE : CAN-1999-0519, CAN-1999-0520 >BID : 8026 >* > >Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396> > >