Paul, Are you using Samba to authenticate then? You've created user accounts on your Linux system that map to Windows accounts and built the Samba password database using 'smbpasswd'?
ry -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Bradshaw Sent: Wednesday, June 23, 2004 11:14 AM To: [EMAIL PROTECTED] Subject: Re: [Samba] samba security question - samba vulnerable to anyWindowsExploits? Hi Ryan, I am not authenticating to any Windows server, I just have the samba server itself set up with 3 users who an login. ...Paul Ryan Frantz wrote: >Paul, > >Are you using a Windows PDC or ADS to authenticate your Samba shares? >If so, the problem would not be with Samba, but with the authenticating >server. > >Ryan > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] On >Behalf Of Paul Bradshaw >Sent: Wednesday, June 23, 2004 11:02 AM >To: [EMAIL PROTECTED] >Subject: [Samba] samba security question - samba vulnerable to any >WindowsExploits? > > >Hi there, > >I'm unclear on this warning I got from NeWT when I scanned my Linux >workstation. Could someone clarify for me if I should be worried? > >Thanks, > >...Paul >------------------------ >microsoft-ds (445/tcp) > > > >It was possible to log into the remote host using the following >login/password combinations : >'administrator'/'' >'administrator'/'administrator' >'guest'/'' >'guest'/'guest' > >It was possible to log into the remote host using a NULL session. >The concept of a NULL session is to provide a null username and >a null password, which grants the user the 'guest' access > >To prevent null sessions, see MS KB Article Q143474 (NT 4.0) and >Q246261 (Windows 2000). >Note that this won't completely disable null sessions, but will >prevent them from connecting to IPC$ >Please see http://msgs.securepoint.com/cgi-bin/get/nessus-0204/50/1.html > >The remote host defaults to guest when a user logs in using an invalid >login. For instance, we could log in using the account 'nessus/nessus' > > >All the smb tests will be done as ''/'whatever' in domain ALUMNI_HOUSE >CVE : CAN-1999-0504, CAN-1999-0506, CVE-2000-0222, CAN-1999-0505, >CAN-2002-1117 >BID : 494, 990 >Plugin ID : 10394 <http://cgi.nessus.org/plugins/newt.php?id=10394> > > >The following shares can be accessed using a NULL session : > >- IPC$ - (readable?, writeable?) > > >*Solution : To restrict their access under WindowsNT, open the explorer, > >do a right click on each, >go to the 'sharing' tab, and click on 'permissions' >Risk factor : High >CVE : CAN-1999-0519, CAN-1999-0520 >BID : 8026 >* > >Plugin ID : 10396 <http://cgi.nessus.org/plugins/newt.php?id=10396> > > -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
