Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

T-024: Vulnerability in Server Message Block (SMB)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) T-024: Vulnerability in Server Message Block (SMB)
# 1  
Old 11-13-2008
T-024: Vulnerability in Server Message Block (SMB)
A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials when a user connects to an attacker's SMB server. This vulnerability allows an attacker to replay the user's credentials back to them and execute code in the context of the logged-on user. The risk is MEDIUM. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Solaris

Cannot login to SMB Server/Authentication denied

Hello, I have problems seting up SMB server in Solaris 11.3. I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly. I have imported the previous zfs pool with share.smb set... (7 Replies)
Discussion started by: Zorken
7 Replies

2. Solaris

/network/smb/server goes into maintenance mode.

All I'm running an OpenSolaris system (Nexenta). When doing a svcs I see that/network/smb/server is in maintenance mode. I have run a clear on the service and restarted. I see the same service show online* for a bit but then, enters maintenance every time. In the service log I... (2 Replies)
Discussion started by: dcpatriot
2 Replies
Login or Register to Ask a Question

LEARN ABOUT FREEBSD

smbutil

SMBUTIL(1)						    BSD General Commands Manual 						SMBUTIL(1)

NAME

     smbutil -- interface to the SMB requester

SYNOPSIS

     smbutil [-hv] command [-options] [args]

DESCRIPTION

     The smbutil command is used to control SMB requester and issue various commands.

     There are two types of options -- global and local to the specified command.

     Global options are as follows:

     -h      Print a short help message.

     -v      Verbose output.

     The commands and local options are:

     crypt [password]
	     Encrypt clear text password for use in the ~/.nsmbrc file.  The encrypted password starts with the '$$1' symbols.	Warning: the
	     encryption function is very weak and intended only to hide clear text password.  If password is omitted from the command line,
	     smbutil will prompt for one.

     help command
	     Print usage information about command.

     lc      List active connections and their parameters.

     login [-connection_options] //user@server[/share]
	     Login/attach to the specified server and/or share as user.  This command will create and authenticate connection to an SMB server,
	     and will leave it active after exit.  Thus, it is possible to login only once and then use other SMB commands without authentication
	     procedure and additional connections.  For the description of -connection_options refer to the mount_smbfs(8) manpage (all uppercase
	     options are connection options).

     logout //user@server[/share]
	     Logout/detach from the specified server and/or share as user.  This command will destroy a connection created by the login command.
	     A connection may not be closed immediately if it is used by other programs.

     lookup [-w host] name
	     Resolve the given name to an IP address.  The NetBIOS name server can be directly specified via the -w option.

     print [-connection_options] //user@server/share file
	     Send the given file to the specified queue on the remote server.  If file is -, then standard input will be used.

     view [-connection_options] //user@server
	     List resources available on the specified server for the user user.

FILES

     ~/.nsmbrc	Keeps description for each connection.	See ./examples/dot.nsmbrc for details.

AUTHORS

     Boris Popov <bp@butya.kz>, <bp@FreeBSD.org>

BUGS

     Please report any bugs to the author.

BSD
								 February 14, 2000							       BSD