We are running samba services on several solaris10 servers for the users that need to read reports/logs on their windows workstation. The shares are shared read-only and allow the guest account since most of the users do not have unix accounts. Our company recently started Qualys scans on all servers, and we need to address the vulnerabilities reported. We are getting the following vulnerabilities regarding the samba services:

Remote User List Disclosure Using NetBIOS (CVE-2000-1200)
Null Session/Password NetBIOS Access (CVE-1999-0519)

Is there any way to address this besides disabling the guest account?

Thanks

Ying Xu <yxu@littonloan.com>
Unix Group

-------------------------------------------------------------------------------------------
DISCLAIMER: This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to this message and then delete it from your system. Use, dissemination or copying of this message by unintended recipients is not authorized and may be unlawful. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email.
Did anyone encounter this kind of audit issue at all?

Thanks

Ying

-----Original Message-----
From: samba-bounces+ying.xu=littonloan.com@lists.samba.org [mailto:samba-bounces+ying.xu=littonloan.com@lists.samba.org] On Behalf Of Xu, Ying (Houston)
Sent: Friday, May 22, 2009 11:01 AM
To: samba@lists.samba.org
Subject: [Samba] Vulnerabilities reported by Qualys scan
On Wed, 2009-05-27 at 10:41 -0500, Xu, Ying (Houston) wrote:
> Did anyone encounter this kind of audit issue at all?
>
> Thanks
>
> Ying

I used to run into security scans and mitigation requirements all the time. From a variety of scan tools...

A _VERY_ brief Google search (CVE-2000-1200 samba) led me to http://www.rapid7.com/vulndb/lookup/cifs-nt-0002 where you can find instructions on mitigating that issue (there are Windows sections, a Samba section, and a Novell section - just scroll).

The second issue was also found with a similar search and results - http://www.rapid7.com/vulndb/lookup/cifs-nt-0001.

I have typically found that these scan tools will give you a general idea of how to mitigate these issues (perhaps Windows-centric in this case) but still a hint nonetheless. Even Qualys gives you that much.

Regards,
Frank
Thanks for the reply. I have googled and tried different solutions before posting here. I thought that someone may have encountered the same audit issues. I tried the workaround mentioned in the link, but it didn't work. Samba needs an existing unix account.

Ying

________________________________
From: Frank Gruman [mailto:fgatwork@verizon.net]
Sent: Wednesday, May 27, 2009 10:27 PM
To: Xu, Ying (Houston)
Cc: samba@lists.samba.org
Subject: RE: [Samba] Vulnerabilities reported by Qualys scan
Yes - and I remember how frustrating it can be googling for info on "rid cycling"...

I expect that there is a SaMBa hardening how-to somewhere...

A quick search found a general doc with a mention of SaMBa: http://www.scribd.com/doc/13778461/Network-Security-Assessment-
On Thursday 28 May 2009 16:29:07 Quinn Fissler wrote:
> Yes - and I remember how frustrating it can be googling for info on
> "rid cycling"...
>
> I expect that there is a SaMBa hardening how-to somewhere...

For all I can see, all you need to do is to disable guest access. That seems pretty easy.

Cheers,
Kai

-- 
Kai Blin
WorldForge developer http://www.worldforge.org/
Wine developer http://wiki.winehq.org/KaiBlin
Samba team member http://www.samba.org/samba/team/
-- 
Will code for cotton.
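As an added example (not code from any of the posters), here is a small POSIX shell check for the smb.conf settings that Kai's advice amounts to: it flags any share with `guest ok`/`public` enabled, a `map to guest` other than Never, and `restrict anonymous` below 2, which is the setting that refuses null sessions. The two smb.conf files are constructed for the example; the parameter names are real Samba settings, while treating `restrict anonymous = 2` as the required value is an assumption.

```shell
#!/bin/sh
# Constructed smb.conf mirroring the thread's setup (read-only share, guest allowed); not from the original posts.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
[global]
   security = user
   map to guest = Bad User
   restrict anonymous = 0
[reports]
   path = /export/reports
   read only = yes
   guest ok = yes
EOF
# Same config with guest/anonymous access removed (assumed hardened values, following Kai's advice).
HARD_CONF=$(mktemp)
cat > "$HARD_CONF" <<'EOF'
[global]
   security = user
   map to guest = Never
   restrict anonymous = 2
[reports]
   path = /export/reports
   read only = yes
   guest ok = no
EOF
# audit_smb_conf FILE: print one FINDING line per setting that still permits anonymous or guest access.
audit_smb_conf() {
    awk '
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }   # section header
    /^[ \t]*[;#]/ || /^[ \t]*$/ { next }                                               # comments and blanks
    /=/ {
        key = $0; sub(/=.*/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", key); key = tolower(key)
        val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val); val = tolower(val)
        g = (tolower(sec) == "global")
        if (g && key == "restrict anonymous") ra = val
        if (g && key == "map to guest") mtg = val
        if (!g && (key == "guest ok" || key == "public") && (val == "yes" || val == "true" || val == "1"))
            print "FINDING: share [" sec "] allows guest access (" key " = " val ")"
    }
    END {
        if (ra != "2") print "FINDING: [global] restrict anonymous = " (ra == "" ? "0 (default)" : ra) ", expected 2 to refuse null sessions"
        if (mtg != "" && mtg != "never") print "FINDING: [global] map to guest = " mtg " turns failed logons into guest sessions"
    }' "$1"
}
# count_findings FILE: number of FINDING lines; 0 means the config refuses guest and anonymous access.
count_findings() {
    audit_smb_conf "$1" | grep -c '^FINDING' || true
}
audit_smb_conf "$WEAK_CONF"   # prints three FINDING lines for the constructed weak config
```

Run it against the output of `testparm -s` rather than the raw file if you want include files and parameter synonyms resolved first. Note that the hardened values also shut out the guest-only users without unix accounts, which is exactly the trade-off Ying raised.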