Slashdot Mirror


SMB Security Hole

Thangorodrim writes "First saw this at SecurityFocus, but it seems as if someone at COTDC finally got around to coding a nice SMB session hijacker for NT/2000. I've tested this on some machines... it's pretty brutal. And just in time to coincide with the release of l0phtcrack 3.0... The story linked doesn't have a link to the actual utility, but you can grab it here." *cough* For testing purposes only, of course.

5 of 16 comments

  1. Re:Downward Spiral? by Phexro · Score: 2

    well, even with the crappy security that's become the norm with msft products, an os using an nt kernel will always be more secure than an os using a 9x kernel.

    even if nt's implementation is flawed, it at least has the design, like users, permissions, and some separation of kernel- and user-space.

    with that said, a default install of nt (dunno about win2k, never touched it) is so horrible that it brings the overall security of the system almost down to the win9x level. which is to say none at all. come on, who besides msft would ship a product with the filesystem permissions blown wide open by default?

    but the moral of this story is: don't use default installs on production systems. even if they aren't windows.

  2. Samba by danpbrowning · Score: 2

    How does samba avoid this hole? (Better design in the first place? Or saw the problem and fixed it?)

    --
    Daniel
  3. Downward Spiral? by CliffSpradlin · Score: 2

    As win2k "ages" it seems as though more and more holes in it are being found. Could this eventually make win2k as insecure as Win9x?

    1. Re:Downward Spiral? by IntlHarvester · Score: 3

      Great karma score for saying nothing.

      As the article points out, Microsoft long ago fixed this with NTLMv2. What the article didn't point out, was that this "new" exploit has been known about for at least 5 years, if not 10 or 15 years. The short answer is that most SMB networks are safely firewalled away, and the admins could give a crap about the authentication security.

      The reason people are still vulnerable is that Microsoft is loath to break backwards compatibility. Switching authentication protocols also "breaks" Samba, I believe, which I'm sure many slashdot readers would ascribe to malice. Contrary to your assumption, as older products go away, Microsoft's products will become more secure.

      Anyway, just another reason not to hire paper MCSEs...
      --
      Business. Numbers. Money. People. Computer World.
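The comment above says the fix is NTLMv2 and that the obstacle is backwards compatibility. On an NT-family host that trade-off is a single registry setting, LmCompatibilityLevel under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, whose low values keep the LM/NTLM responses that the hijacker and l0phtcrack feed on. The script below is an added example, not code from the Slashdot story or from COTDC: it reads the current level, explains it, raises it to "NTLMv2 only, refuse LM and NTLM", and also turns on NoLMHash so new passwords are no longer stored as LM hashes. The value meanings are the documented Windows semantics; the function names and the decision to jump straight to level 5 are this example's own choices. Run it in an elevated PowerShell on the host being hardened.

```powershell
# Added example (not from the original page): audit and raise the LAN Manager
# authentication level so this host sends only NTLMv2 and refuses LM/NTLM.
# Function names and the threshold of 5 are this example's assumptions.

$lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

# Documented meaning of each LmCompatibilityLevel value.
$levels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM; use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 only; refuse LM'
    5 = 'Send NTLMv2 only; refuse LM & NTLM'
}

function Get-LmCompatibilityLevel {
    # Returns the configured level, or $null when the value is absent and
    # the OS default applies (0 on Windows 2000, i.e. the weak setting).
    $item = Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.LmCompatibilityLevel
}

function Set-LmCompatibilityLevel {
    param([Parameter(Mandatory)][ValidateRange(0, 5)][int]$Level)
    Set-ItemProperty -Path $lsa -Name LmCompatibilityLevel -Value $Level -Type DWord
}

$current = Get-LmCompatibilityLevel
if ($null -eq $current) {
    Write-Host 'LmCompatibilityLevel is not set; the OS default applies.'
} else {
    Write-Host ('LmCompatibilityLevel = {0} ({1})' -f $current, $levels[$current])
}

if ($null -eq $current -or $current -lt 5) {
    # This is the compatibility break the comment refers to: Win9x and
    # old Samba clients that cannot do NTLMv2 will stop authenticating.
    Write-Host 'Raising to 5: NTLMv2 only, refuse LM and NTLM.'
    Set-LmCompatibilityLevel -Level 5
}

# Stop storing the LM hash that password crackers attack first. As a DWORD
# value this is honoured on Windows XP/2003 and later; Windows 2000 SP2
# used a subkey named NoLMHash instead. Existing accounts keep their LM
# hash until the password is next changed.
Set-ItemProperty -Path $lsa -Name NoLMHash -Value 1 -Type DWord

Write-Host ('Now: LmCompatibilityLevel = {0} ({1})' -f (Get-LmCompatibilityLevel), $levels[(Get-LmCompatibilityLevel)])
```

Roll this out to domain controllers and servers before workstations, and watch the Security log for failed logons from hosts that can only speak LM or NTLM; those are the legacy clients the comment says Microsoft has been unwilling to cut off.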
    2. Re:Downward Spiral? by IntlHarvester · Score: 3

      Actually, an Index Server hole was found between RTM and launch. Thus, when Windows 2000 was released, there was already a hotfix waiting for it.

      Time definitely makes holes more obvious, but product quality has a much more significant impact. For example, consider IE, Netscape 4.x, IIS, and wu-ftp. All of the above products have had a very poor security history, and holes are still being discovered. My guess is that holes will continually be discovered until the products are significantly rewritten or audited. On the other hand, look at Apache or QMail: Time has not brought out a significant increase in security fixes.
      --
      Business. Numbers. Money. People. Computer World.