Re: samba security

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





Thanks Scot,

There's no administrator or guest account either on OS or Samba server, so I figured it was something related to how Samba impersonates a Windows fileshare. Samba is not actually vulnerable to to any Microsoft Windows Exploits, is it? I always just assumed it wasn't, but I want to make sure.



Scot L. Harris wrote:

On Mon, 2004-06-21 at 16:04, Paul Bradshaw wrote:


Hi there,

I scanned my Fedora server with NeWT and found this - should I be concerned about it?

Thanks,

...Paul


microsoft-ds (445/tcp)



It was possible to log into the remote host using the following
login/password combinations :
'administrator'/''
'administrator'/'administrator'
'guest'/''
'guest'/'guest'




Of course you should be concerned! Any good admin would.  :)

I just went through this with a security scan using nessus. Not sure
about NeWT but I think it gets this based on the simple ID of the
service running on the port.


Best thing to do is actually try and login in from a remote system using
those ids and passwords. I found that I was not able to login using
those ids/passwords or with null passwords.


I suspect that both applications are using the same test code and report
similar issues when there is no real issue.  Need to review the code to
see what they really are doing and why they send back a false positive
like this.

If you manually check it and it is secure then you don't need to worry.






[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux