LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Other *NIX Forums > *BSD
User Name
Password
*BSD This forum is for the discussion of all BSD variants.
FreeBSD, OpenBSD, NetBSD, etc.

Notices

Reply
 
Search this Thread
Old 01-20-2013, 12:12 AM   #1
dchmelik
Member
 
Registered: Nov 2008
Location: Washington state, USA
Distribution: BSD, GNU/Linux (Slackware, etc.,) openSolaris
Posts: 197

Rep: Reputation: 21
OpenBSD Samba vulnerability


I set up shared folders with Samba & SWAT on OpenBSD 5.2 and accessed them from Slackware and Windows. I decided to restrict the shared folders to one user who has a non-null password. I restarted Samba and was still able to access the folders without login.
 
Old 01-21-2013, 02:21 AM   #2
rocket357
Member
 
Registered: Mar 2007
Location: 127.0.0.1
Distribution: OpenBSD-CURRENT
Posts: 476
Blog Entries: 116

Rep: Reputation: 74
Did you restart smbd and nmbd? Does the user have a valid *samba* password, or just system password? Can you verify the share config after using swat to make changes (i.e. the actual configuration file, not what swat is telling you)?

Last edited by rocket357; 01-21-2013 at 02:22 AM.
 
Old 01-21-2013, 02:36 AM   #3
dchmelik
Member
 
Registered: Nov 2008
Location: Washington state, USA
Distribution: BSD, GNU/Linux (Slackware, etc.,) openSolaris
Posts: 197

Original Poster
Rep: Reputation: 21
When I said I restarted samba, I meant '/etc/rc.d/samba,' which I as far as I know, restarts smbd; I do not know what nmbd is. I no longer have the smb.conf and do not recall if I set up a samba password; I thought I just set up a 'guest' folder and it started working, but I might have set up passwords. If I did, they would have been the same as for the users, or blank, but my point is if I removed guest sharing, Windows would be logging in as 'nobody' and should not be able to access these folders anymore that are not owned by 'nobody'... unless I would have had to restart nmbd.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Vulnerability in Samba provides access to files LXer Syndicated Linux News 0 02-10-2010 04:41 AM
OpenBSD 4.0 Samba/Winbind HiOctane21 *BSD 0 03-19-2007 03:59 AM
WARN: Samba Vulnerability Capt_Caveman Linux - Security 0 12-17-2004 10:59 PM
OpenBSD Vulnerability leeach *BSD 4 04-21-2004 02:01 AM
OpenBSD IP6 Vulnerability leeach *BSD 10 03-18-2004 06:33 PM


All times are GMT -5. The time now is 07:36 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration