Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Samba 3.2.0 & Tenable Nessus security alert

Status
Not open for further replies.
ocoro02

ocoro02

IS-IT--Management
Feb 6, 2008
5
I've recently upgrade to Samba 3.2.0 on Solaris 10 (x86) and for security reasons I need to run Nessus scans against the server running Samba. I'm getting what I think is a false positive now from Samba which I didn't get before (see below). Just wondering if anyone else has seen this and whether there could be any possibility of clearing it through the samba config?

---
Vulnerability microsoft-ds (445/tcp)
Synopsis :

Arbitrary code can be executed on the remote host due to a flaw in the
LSASS service.

Description :

The remote version of Windows contains a flaw in the function
DsRolerUpgradeDownlevelServer of the Local Security Authority
Server Service (LSASS) which may allow an attacker to execute
arbitrary code on the remote host with the SYSTEM privileges.

A series of worms (Sasser) are known to exploit this vulnerability
in the wild.

Solution :

Microsoft has released a set of patches for Windows NT, 2000, XP and 2003 :


Risk factor :

Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)
CVE : CVE-2003-0533
BID : 10108
Other references : IAVA:2004-A-0006, OSVDB:5248
Nessus ID : 12209

---
 
Sort by date Sort by votes
Config here - very simple setup. I run it without the nmbd process (not started at all).

[global]
workgroup = FOO
server string = FOO Samba Server
security = user
hosts allow = xx.xx.xx.xx
socket options = TCP_NODELAY
socket address = xx.xx.xx.xx
load printers = no
log file = /var/log/samba/log.%m
max log size = 50
log level = 0 auth:2
passdb backend = tdbsam
interfaces = xx.xx.xx.xx/24
bind interfaces only = Yes
disable netbios = Yes
show add printer wizard = No
disable spoolss = Yes
restrict anonymous = 2
local master = no
dns proxy = no

[foo]
comment = foo
browseable = no
writable = yes
write list = foo
valid users = foo
printable = no
create mask = 0765
path = /export/home/foo

[bar]
comment = bar
browseable = no
writable = yes
write list = bar
valid users = bar
printable = no
create mask = 0765
path = /export/home/bar
 
Upvote 0 Downvote
It's 'restrict anonymous = 2' that triggers the Nessus alert. I'm gonna keep this setting anyway.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

countrydj
  • Locked
  • Question
Setup samba centos 6.3
Replies
2
Views
156
countrydj
countrydj
JKScotland
  • Locked
  • Question
Samba share not visible from "net view" or from WD TV live device
Replies
0
Views
123
JKScotland
JKScotland
putz3000
  • Locked
  • Question
XP - Pro PC's won't remember password to SAMBA share
Replies
0
Views
95
putz3000
putz3000
strajo
  • Locked
  • Question
.eps file problem, samba ldap
Replies
1
Views
115
strajo
strajo
treedstang
  • Locked
  • Question
SAMBA4 DOMAIN NOT SEEING IMPORTED USERS OR GROUPS FROM SAMBA3 DOMAIN
Replies
0
Views
140
treedstang
treedstang

Part and Inventory Search

Sponsor

Back
Top