Ryan Frantz
2004-Jun-23 15:21 UTC
[Samba] samba security question - samba vulnerable to anyWindowsExploits?
Paul, Are you using Samba to authenticate then? You've created user accounts on your Linux system that map to Windows accounts and built the Samba password database using 'smbpasswd'? ry -----Original Message----- From: samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org [mailto:samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org] On Behalf Of Paul Bradshaw Sent: Wednesday, June 23, 2004 11:14 AM To: samba@lists.samba.org Subject: Re: [Samba] samba security question - samba vulnerable to anyWindowsExploits? Hi Ryan, I am not authenticating to any Windows server, I just have the samba server itself set up with 3 users who an login. ...Paul Ryan Frantz wrote:>Paul, > >Are you using a Windows PDC or ADS to authenticate your Samba shares? >If so, the problem would not be with Samba, but with the authenticating >server. > >Ryan > >-----Original Message----- >From: samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org >[mailto:samba-bounces+ryanfrantz=informed-llc.com@lists.samba.org] On >Behalf Of Paul Bradshaw >Sent: Wednesday, June 23, 2004 11:02 AM >To: samba@lists.samba.org >Subject: [Samba] samba security question - samba vulnerable to any >WindowsExploits? > > >Hi there, > >I'm unclear on this warning I got from NeWT when I scanned my Linux >workstation. Could someone clarify for me if I should be worried? > >Thanks, > >...Paul >------------------------ >microsoft-ds (445/tcp) > > > >It was possible to log into the remote host using the following >login/password combinations : >'administrator'/'' >'administrator'/'administrator' >'guest'/'' >'guest'/'guest' > >It was possible to log into the remote host using a NULL session. >The concept of a NULL session is to provide a null username and >a null password, which grants the user the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please seehttp://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html> >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, >CAN-2002-1117 >BID : 494, 990 >Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394> > > >The following shares can be accessed using a NULL session : > >- IPC$ - (readable?, writeable?) > > >*Solution : To restrict their access under WindowsNT, open theexplorer,> >do a right click on each, >go to the 'sharing' tab, and click on 'permissions' >Risk factor : High >CVE : CAN-1999-0519, CAN-1999-0520 >BID : 8026 >* > >Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396> > >-- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Reasonably Related Threads
Wisdom of the Ancients
