Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

T-024: Vulnerability in Server Message Block (SMB)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) T-024: Vulnerability in Server Message Block (SMB)
# 1  
Old 11-13-2008
T-024: Vulnerability in Server Message Block (SMB)
A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials when a user connects to an attacker's SMB server. This vulnerability allows an attacker to replay the user's credentials back to them and execute code in the context of the logged-on user. The risk is MEDIUM. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Solaris

Cannot login to SMB Server/Authentication denied

Hello, I have problems seting up SMB server in Solaris 11.3. I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly. I have imported the previous zfs pool with share.smb set... (7 Replies)
Discussion started by: Zorken
7 Replies

2. Solaris

/network/smb/server goes into maintenance mode.

All I'm running an OpenSolaris system (Nexenta). When doing a svcs I see that/network/smb/server is in maintenance mode. I have run a clear on the service and restarted. I see the same service show online* for a bit but then, enters maintenance every time. In the service log I... (2 Replies)
Discussion started by: dcpatriot
2 Replies
Login or Register to Ask a Question

LEARN ABOUT OPENSOLARIS

pam_smb_passwd

pam_smb_passwd(5)					Standards, Environments, and Macros					 pam_smb_passwd(5)

NAME

       pam_smb_passwd - SMB password management module

SYNOPSIS

       pam_smb_passwd.so.1

DESCRIPTION

       The  pam_smb_passwd  module enhances the PAM password management stack. This functionality supports the changing or adding of SMB passwords
       for local Solaris users. The Solaris CIFS server uses SMB passwords to authenticate connected  Solaris  users.  This  module  includes  the
       pam_sm_chauthtok(3PAM) function.

       The pam_sm_chauthtok() function accepts the following flags:

       PAM_PRELIM_CHECK

	   Always returns PAM_IGNORE.

       PAM_SILENT

	   Suppresses messages.

       PAM_UPDATE_AUTHTOK

	   Updates  or	creates  a  new CIFS local LM/NTLM hash for the user that is specified in PAM_USER by using the authentication information
	   found in PAM_AUTHTOK. The LM hash is only created if the smbd/lmauth_level property value of the smb/server service	is  set  to  3	or
	   less. PAM_IGNORE is returned if the user is not in the local /etc/passwd repository.

       The following options can be passed to the pam_smb_passwd module:

       debug

	   Produces syslog(3C) debugging information at the LOG_AUTH or LOG_DEBUG level.

       nowarn

	   Suppresses warning messages.

FILES

       /var/smb/smbpasswd

	   Stores SMB passwords for Solaris users.

ERRORS

       Upon successful completion of pam_sm_chauthtok(), PAM_SUCCESS is returned. The following error codes are returned upon error:

       PAM_AUTHTOK_ERR

	   Authentication token manipulation error

       PAM_AUTHTOK_LOCK_BUSY

	   SMB password file is locked

       PAM_PERM_DENIED

	   Permissions are insufficient for accessing the SMB password file

       PAM_SYSTEM_ERR

	   System error

       PAM_USER_UNKNOWN

	   User is unknown

ATTRIBUTES

       See the attributes(5) man page for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Committed 		   |
       +-----------------------------+-----------------------------+
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

SEE ALSO

       smbd(1M), syslog(3C), libpam(3LIB), pam(3PAM), pam_chauthtok(3PAM), pam_sm(3PAM), pam_sm_chauthtok(3PAM), pam.conf(4), attributes(5)

NOTES

       The interfaces in libpam(3LIB) are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

       The pam_smb_passwd.so.1 module should be stacked following all password qualification modules in the PAM password stack.

SunOS 5.11							    29 Apr 2008 						 pam_smb_passwd(5)