On Tue, 2002-11-19 at 16:05, kirk johnson wrote:
>
> MM = M Maki (1 Oct 2002)
> AB = Andrew Bartlett (2 Oct 2002)
>
> MM > I have a couple of Samba (2.0.7 & 2.2.0) servers I scanned with
>    > Nessus and they reported a security hole of "Possible to login
>    > to the remote host using a NULL session" I have a couple of NT
>    > servers I disabled with a registry edit. Is there a way to
>    > prevent this on the Samba servers or is it even a valid issue?
>
> AB > Samba HEAD starts to add some of this, but the manpage is
>    > completely inaccurate...
>    >
>    > Set 'restrict anonymous = 1' should get you the start.
>    >
>    > I'm looking into how to best implement 'restrict anonymous = 2'.
>    >
>    > In the meantime, if you set 'auth methods = sam' (for standalone
>    > servers) then it will skip the 'guest' module, and deny all
>    > anonymous connections. However, this will break browsing and
>    > other services.
>
> i have the same basic question -- i'm running samba 2.0.6 on some
> linux boxes, and nessus complains about several "Risk factor: High"
> bugs that all seem to boil down to the fact that IPC$ can be accessed
> with any username and password.
>
> i tried both the 'restrict anonymous = 1' and 'auth methods = sam'
> tweaks suggested by andrew, but neither seems to make a difference --
> smbclient can still connect to \\targethost\IPC$ using arbitrary
> usernames and passwords.

Both options are only in Samba 3.0. Run 'testparm', before you wonder
why an option doesn't work.

> i'm also unclear (both from my own lack of windows/samba knowledge and
> from andrew's answer, quoted above) whether or not the ability to
> access IPC$ using arbitrary usernames/passwords is actually a security
> issue with samba/linux, or if this is perhaps only an issue for
> genuine microsoft SMB implementations?

It's an information leak - an unauthenticated user can find out a list
of all users. Interestingly, much of this information can be inferred
from other calls that are not controlled by 'restrict anonymous = 1'.

> i've searched far and wide on th' net trying to find more information
> about this, but other than the two e-mail messages quoted above, have
> pretty much failed miserably.
>
> any further information on this subject (e.g., whether or not IPC$
> being exposed in this way is actually a security risk, possible
> workarounds, including upgrading to newer versions of samba, etc.)
> that folks might be able to provide would be much appreciated.

Samba 3.0 implements 'restrict anonymous = 1'. I'm about to add
'restrict anonymous = 2' support. (Which locks down all guest access to
IPC$, but breaks lots of things, like PDC and browse master support).

Andrew Bartlett

--
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
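
Added example, not part of the original message and not Samba code: a small Python check that reads the [global] section of an smb.conf and reports how the settings discussed in this thread affect anonymous IPC$ access. The function names, the samba_major argument and the sample configuration are constructed for illustration, and the 'restrict anonymous = 2' branch assumes the option behaves as the reply describes.

```python
import re

# Constructed sample smb.conf, for illustration only.
SAMPLE_CONF = """\
; constructed sample
[global]
   workgroup = EXAMPLE
   Restrict Anonymous = 1
[public]
   path = /srv/public
"""

def parse_global(conf_text):
    """Return [global] parameters; Samba ignores case and spaces in names."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[re.sub(r"\s+", "", name).lower()] = value.strip()
    return params

def audit_anonymous(conf_text, samba_major):
    """Classify anonymous IPC$ access as 'open', 'partial' or 'denied'."""
    p = parse_global(conf_text)
    notes = []
    if samba_major < 3:
        # Per the reply: both options exist only in Samba 3.0.
        for key in ("restrictanonymous", "authmethods"):
            if key in p:
                notes.append(key + " is set but ignored before 3.0; run testparm")
        return "open", notes
    methods = p.get("authmethods", "").split()
    if methods and "guest" not in methods:
        notes.append("guest module skipped; browsing and other services break")
        return "denied", notes
    level = p.get("restrictanonymous", "0")
    if level == "2":  # assumption: behaves as the reply describes
        notes.append("guest access to IPC$ locked down; PDC and browse master break")
        return "denied", notes
    if level == "1":
        notes.append("user list restricted, but other calls still leak similar data")
        return "partial", notes
    return "open", notes
```

Calling audit_anonymous(SAMPLE_CONF, 2) reproduces the situation in the thread: the option is present in the file but has no effect on a 2.x server.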