Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

T-024: Vulnerability in Server Message Block (SMB)

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) T-024: Vulnerability in Server Message Block (SMB)
# 1  
Old 11-13-2008
T-024: Vulnerability in Server Message Block (SMB)
A remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol handles NTLM credentials when a user connects to an attacker's SMB server. This vulnerability allows an attacker to replay the user's credentials back to them and execute code in the context of the logged-on user. The risk is MEDIUM. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

2 More Discussions You Might Find Interesting

1. Solaris

Cannot login to SMB Server/Authentication denied

Hello, I have problems seting up SMB server in Solaris 11.3. I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly. I have imported the previous zfs pool with share.smb set... (7 Replies)
Discussion started by: Zorken
7 Replies

2. Solaris

/network/smb/server goes into maintenance mode.

All I'm running an OpenSolaris system (Nexenta). When doing a svcs I see that/network/smb/server is in maintenance mode. I have run a clear on the service and restarted. I see the same service show online* for a bit but then, enters maintenance every time. In the service log I... (2 Replies)
Discussion started by: dcpatriot
2 Replies
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

nsmb.conf

NSMB.CONF(5)						      BSD File Formats Manual						      NSMB.CONF(5)

NAME

     nsmb.conf -- configuration file for SMB requests

DESCRIPTION

     The nsmb.conf file contains information about the computers and shares or mount points for the SMB network protocol.

     The configuration hierarchy is made up of several sections, each section containing a few or several lines of parameters and their assigned
     values.  Each of these sections must begin with a section name enclosed within square brackets, similar to:

	   [section_name]

     The end of each section is marked by either the start of a new section, or by the abrupt ending of the file, commonly referred to as the EOF.
     Each section may contain zero or more parameters such as:

	   [section_name]
	   key=value

     where key represents a parameter name, and value would be the parameter's assigned value.

     The SMB library uses the following information for section names:

     A)      [default]
     B)      [SERVER]
     C)      [SERVER:SHARE]

     Possible keywords may include:

     Keyword		 Section    Default    Comment
			 A B C	    Values
     addr		 - + -		       DNS name or IP address of server
     nbtimeout		 + + -	    1s	       Timeout for resolving a NetBIOS name
     minauth		 + + -	    NTLMv2     Minimum authentication level allowed
     port445		 + + -	    normal     How to use SMB TCP/UDP ports
     streams		 + + +	    yes        Use NTFS Streams if server supported
     soft		 + + +		       Make the mount soft
     notify_off 	 + + +	    no	       Turn off using notifications
     kloglevel		 + - -	    0	       Turn on smb kernel logging
     protocol_vers_map	 + - -	    7	       Bitmap of SMB Versions that are enabled
     signing_required	 + - -	    no	       Turn on smb client signing
     signing_req_vers	 + - -	    6	       Bitmap of SMB Versions that have signing required
     validate_neg_off	 + - -	    no	       Turn off using validate negotiate
     max_resp_timeout	 + + -	    30s        Max time to wait for any response from server
     submounts_off	 + + +	    no	       Turn off using submounts
     dir_cache_async_cnt + + -	    10	       Max async queries to fill dir cache
     dir_cache_max	 + + -	    60s        Max time to cache for a dir
     dir_cache_min	 + + -	    30s        Min time to cache for a dir

     The minimum authentication level can be one of:

     kerberos  Kerberos - NTLMv2, NTLM, LM, and plain-text password authentication are not attempted.

     ntlmv2    NTLMv2 - Kerberos authentication is attempted if a Kerberos token can be obtained, otherwise NTLMv2 authentication is attempted; if
	       the server doesn't support encrypted passwords, the authentication fails.

     ntlm      NTLM - Kerberos authentication is attempted if a Kerberos token can be obtained, otherwise NTLMv2 authentication is attempted and,
	       if that fails, NTLMv1 authentication is attempted, with zeroes in the LM hash; if the server doesn't support encrypted passwords,
	       the authentication fails.

     lm        LM - Kerberos authentication is attempted if a Kerberos token can be obtained, otherwise NTLMv2 authentication is attempted and, if
	       that fails, NTLMv1 authentication is attempted, including the LM hash; if the server doesn't support encrypted passwords, the
	       authentication fails.

     none      none - The same as lm except that, if the server doesn't support encrypted passwords, plain-text passwords are used. Required for
	       servers that don't support extended security.

     (Note: "NetBIOS" as used below means "NetBIOS over TCP/IP.")

     "How to use SMB TCP/UDP ports" can be one of:

     normal	   Attempt to connect via port 445. If that is unsuccessful, try to connect via NetBIOS.

     netbios_only  Do not attempt to connect via port 445.

     no_netbios    Attempt to connect via port 445. If that is unsuccessful, do not try to connect via NetBIOS.

     "Bitmap of SMB Versions that are enabled" can be one of:

     7 == 0111
	SMB 1/2/3 should be enabled

     6 == 0110
	SMB 2/3 should be enabled

     4 == 0100
	SMB 3 should be enabled

     "Bitmap of SMB Versions that have signing required" can be one of:

     7	Signing required for SMB 1/2/3.

     6	Signing required for SMB 2/3.

     4	Signing required for SMB 3.

FILES

     /etc/nsmb.conf  The global configuration file.

     ~/Library/Preferences/nsmb.conf
		     The user's configuration file, conflicts will be overwritten by the global file.

EXAMPLES

     What follows is a sample configuration file which may, or may not match your environment:

	   # Configuration file for example.com
	   [default]
	   minauth=ntlmv2
	   streams=yes
	   soft=yes
	   notify_off=yes
	   [WINXP]
	   addr=windowsXP.apple.com

     All lines which begin with the '#' character are comments and will not be parsed.	The ``default'' section specifies that only Kerberos and
     NTLMv2 authentication should be attempted; NTLM authentication should not be attempted if NTLMv2 authentication fails, and plain-text authen-
     tication should not be attempted if the server doesn't support encrypted passwords.

SEE ALSO

     smbutil(1), mount_smbfs(8)

AUTHORS

     This manual page was originally written by Sergey Osokin <osa@FreeBSD.org> and Tom Rhodes <trhodes@FreeBSD.org>.

BSD
								   June 30, 2003							       BSD