Dmitry Katsubo
2018-Dec-26 16:28 UTC
[Samba] How to change the server info/version which Samba returns to the client?
On 2018-12-26 17:10, Rowland Penny via samba wrote:
> Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]
>
> Comes from the server's Samba version, you cannot change this.
>
> The 'server string' parameter controls what is shown in browse lists
> etc. This can be changed, but Samba will need to be restarted/reload
> after the change and a new connection will need to be made to the
> server.

If the server's version reported to the client can't be changed, can it potentially simplify the implementation of an attack on the Samba server (as the attacker knows the operating system and version of the server)?

--
With best regards,
Dmitry
Reindl Harald
2018-Dec-26 18:04 UTC
[Samba] How to change the server info/version which Samba returns to the client?
On 26.12.18 at 17:28, Dmitry Katsubo via samba wrote:
> On 2018-12-26 17:10, Rowland Penny via samba wrote:
>> Domain=[WORKGROUP] OS=[Windows 6.1] Server=[Samba 4.2.14-Debian]
>>
>> Comes from the server's Samba version, you cannot change this.
>>
>> The 'server string' parameter controls what is shown in browse lists
>> etc. This can be changed, but Samba will need to be restarted/reload
>> after the change and a new connection will need to be made to the
>> server.
>
> If the server's version reported to the client can't be changed, can
> it potentially simplify the implementation of an attack on the Samba server
> (as the attacker knows the operating system and version of the server)?

surely, and sadly most of the stuff was designed with no awareness of that fact - you can't suppress the version in ssh because it's part of the protocol, the same for mysql and httpd even refuses patches where you simply can remove the server header because no client needs to know what type of webserver there is running at all

in other words: most developers don't care otherwise this would not exist or at least not leak exact versions
Dmitry Katsubo
2018-Dec-27 23:15 UTC
[Samba] How to change the server info/version which Samba returns to the client?
On 2018-12-26 19:04, Reindl Harald via samba wrote:
> surely, and sadly most of the stuff was designed with no awareness of
> that fact - you can't suppress the version in ssh because it's part of
> the protocol, the same for mysql and httpd even refuses patches where you
> simply can remove the server header because no client needs to know what
> type of webserver there is running at all
>
> in other words: most developers don't care otherwise this would not
> exist or at least not leak exact versions

I see, thanks for the information. At least sshd has the "DebianBanner no" option in /etc/ssh/sshd_config, which suppresses reporting the operating system. Although the server version is required by the protocol, the server could report the major version like 4.x, similar to the Apache option ServerTokens Major.

--
With best regards,
Dmitry
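
The banner settings named in this thread (Samba's 'server string', sshd's DebianBanner, Apache's ServerTokens) can be checked together. The following is an added example, not part of the original thread or of any of these projects; the sample configs are constructed and the function names are hypothetical. It audits only what is configurable: as stated above, the Server=[Samba ...] value sent to the client is not affected by 'server string'.

```python
import re

# Constructed sample configs for illustration (not taken from the thread).
SAMPLE_SSHD = "Port 22\n# DebianBanner yes\nDebianBanner no\n"
SAMPLE_APACHE = "ServerTokens OS\nServerSignature On\n"
SAMPLE_SMB = "[global]\n  workgroup = WORKGROUP\n  server string = %h server (Samba %v)\n"

def _directives(text):
    """Yield (keyword, value) pairs from 'Keyword value' style config lines."""
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2:
            yield parts[0].lower(), parts[1].strip().lower()

def audit_sshd(text):
    # sshd uses the first value it reads for a keyword. DebianBanner is a
    # Debian/Ubuntu-specific option and defaults to "yes" when absent.
    value = next((v for k, v in _directives(text) if k == "debianbanner"), "yes")
    return [] if value == "no" else ["sshd_config: DebianBanner is not 'no'"]

def audit_apache(text):
    # Assumption: the last ServerTokens line in the file is the effective one.
    # Apache's default is Full; only Major and Prod[uctOnly] hide minor versions.
    value = "full"
    for k, v in _directives(text):
        if k == "servertokens":
            value = v
    ok = value in ("major", "prod", "productonly")
    return [] if ok else [f"apache: ServerTokens {value} exposes detailed version"]

def audit_smb(text):
    # Only 'server string' is configurable; it defaults to "Samba %v", and %v
    # expands to the Samba version.
    section, value = None, "Samba %v"
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, val = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            if re.sub(r"\s+", "", name).lower() == "serverstring":
                value = val.strip()
    return ["smb.conf: 'server string' contains %v"] if "%v" in value else []

def audit_all(sshd, apache, smb):
    return audit_sshd(sshd) + audit_apache(apache) + audit_smb(smb)

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_SSHD, SAMPLE_APACHE, SAMPLE_SMB):
        print(finding)
```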