The Samba open source suite (http://www.samba.org) allows Linux and other Unix-like platforms to operate more easily within Windows NT domains and provides seamless file and print services to SMB and CIFS clients. Over the last six years, a number of remote vulnerabilities have been found in Samba services that allow attackers to compromise mostly Linux systems. At the time of writing, the ISS X-Force vulnerability database (http://xforce.iss.net) lists a number of serious remotely exploitable issues in Samba (not including denial of service or locally exploitable post-authentication issues), as shown in Table 9-6.
Depending on the open network ports of a given Unix-like host running Samba, you are presented with a number of avenues to perform enumeration and brute-force password-grinding attacks. In particular, refer to the earlier examples of attacks launched against MSRPC, NeBIOS session, and CIFS services because the same tools will be equally as effective against accessible Samba services running on ports 135, 139, and 445, respectively. |