T-024: Vulnerability in Server Message Block (SMB)

2 More Discussions You Might Find Interesting

1. Solaris

Cannot login to SMB Server/Authentication denied

Hello, I have problems seting up SMB server in Solaris 11.3. I had SMB working previously on Solaris 11 (updated to 11.3), but a bad harddisk crash forced me to install Solaris again from scratch and I cannot get it working properly. I have imported the previous zfs pool with share.smb set...

2. Solaris

/network/smb/server goes into maintenance mode.

All I'm running an OpenSolaris system (Nexenta). When doing a svcs I see that/network/smb/server is in maintenance mode. I have run a clear on the service and restarted. I see the same service show online* for a bit but then, enters maintenance every time. In the service log I...

LEARN ABOUT OPENSOLARIS

smbfs

smbfs(7FS)							   File Systems 							smbfs(7FS)

NAME

       smbfs - CIFS/SMB file system

DESCRIPTION

       The  smbfs file system allows you to mount CIFS shares that are exported from Windows or compatible systems. SMB is the historical name for
       the CIFS protocol, which stands for Server Message Block and is more commonly used in technical contexts.

       The smbfs file system permits ordinary UNIX applications to change directory into an smbfs mount and  perform  simple  file  and  directory
       operations. Supported operations include open, close, read, write, rename, delete, mkdir, rmdir and ls.

   Limitations
       Some local UNIX file systems (for example UFS) have features that are not supported by smbfs. These include:

	   o	  A server disconnect is not automatically reconnected.

	   o	  No mapped-file access because mmap(2) returns ENOSYS.

	   o	  Locking is local only and is not sent to the server.

       The following are limitations in the CIFS protocol:

	   o	  unlink() or rename() of open files returns EBUSY.

	   o	  rename() of extended attribute files returns EINVAL.

	   o	  Creation  of	files  with  any of the following illegal characters returns EINVAL: colon (:), backslash (), slash (/), asterisk
		  (*), question mark (?), double quote ("), less than (<), greater than (>), and vertical bar (|).

	   o	  chmod and chown settings are silently discarded.

	   o	  Links are not supported.

	   o	  Symbolic links are not supported.

	   o	  mknod is not supported. (Only file and directory objects are supported.)

       The current smbfs implementation does not support multi-user mounts. Instead, each Unix user needs to make their own private mount points.

       Currently, all access through an smbfs mount point uses the Windows credentials established by the user that ran the  mount  command.  Nor-
       mally,  permissions on smbfs mount points should be 0700 to prevent Unix users from using each others' Windows credentials. See the diperms
       option to mount_smbfs(1M) for details regarding how to control smbfs mount point permissions.

       An important implication of this limitation is that system-wide mounts, such as those made using /etc/vfstab or	automount  maps  are  only
       useful in cases where access control is not a concern, such as for public read-only resources.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-------------------------+---------------------------------+
       |     ATTRIBUTE TYPE	 |	   ATTRIBUTE VALUE	   |
       +-------------------------+---------------------------------+
       |Availability		 | SUNWsmbfsu			   |
       +-------------------------+---------------------------------+
       |Interface Stability	 | Uncommitted			   |
       +-------------------------+---------------------------------+

SEE ALSO

       smbutil(1), mount_smbfs(1M), nsmbrc(4), attributes(5)

SunOS 5.11							    3 Feb 2009								smbfs(7FS)

Security Advisories (RSS)