9.7 Unix Samba Vulnerabilities


The Samba open source suite (http://www.samba.org) allows Linux and other Unix-like platforms to operate more easily within Windows NT domains and provides seamless file and print services to SMB and CIFS clients. Over the last six years, a number of remote vulnerabilities have been found in Samba services that allow attackers to compromise mostly Linux systems.

At the time of writing, the ISS X-Force vulnerability database (http://xforce.iss.net) lists a number of serious remotely exploitable issues in Samba (not including denial of service or locally exploitable post-authentication issues), as shown in Table 9-6.

Table 9-6. Remotely exploitable Samba vulnerabilities

| XF ID | Date | Notes |
|-------|------|-------|
| 12749 | 27/07/2003 | Samba 2.2.7a and prior reply_nttrans( ) overflow |
| 11726 | 07/04/2003 | Samba 2.2.5 through 2.2.8 and Samba-TNG 0.3.1 and prior call_trans2open( ) remote overflow |
| 11550 | 14/03/2003 | Samba 2.0 through 2.2.7a remote packet fragment overflow |
| 10683 | 20/11/2002 | Samba 2.2.2 through 2.2.6 password change request overflow |
| 10010 | 28/08/2002 | Samba 2.2.4 and prior enum_csc_policy( ) overflow |
| 6731 | 24/06/2001 | Samba 2.0.8 and prior remote file creation vulnerability |
| 3225 | 21/06/1999 | Samba 2.0.5 and prior messaging service remote overflow |
| 337 | 01/09/1997 | Samba 1.9.17 and prior remote password overflow |

Depending on the open network ports of a given Unix-like host running Samba, you are presented with a number of avenues to perform enumeration and brute-force password-grinding attacks. In particular, refer to the earlier examples of attacks launched against MSRPC, NetBIOS session, and CIFS services because the same tools will be equally effective against accessible Samba services running on ports 135, 139, and 445, respectively.



Network Security Assessment
Network Security Assessment: Know Your Network
ISBN: 059600611X
EAN: 2147483647
Year: 2006
Pages: 166
Authors: Chris McNab
