Writeable NetBIOS share

Vulnerability Description

Brief description: If a NetBIOS share is without a password, an attacker can read and write any data to the share.

Full description: A NetBIOS share is a directory on a disk that is configured to be mountable by other hosts. If access to the share is not controlled with a password, any other host on the network can access the share.

Components: NetBIOS shares; trusted.

Systems: Windows 95/98, NT, OS/2, versions of UNIX running Samba.

Effect(s) of exploiting: Attacker can access files on the share.

Detecting the hole:

1. 1. Check if the share configuration uses passwords.

Fixing the hole:

1. Remove the share.
2. Enable passwords on the share.

Other information:

Keywords

NetBIOS share password access control

Cataloguing

PA Classification(s):

RISOS Classification(s):

DCS Classification(s):

CVE Number: CAN-1999-0519 -- A NETBIOS/SMB share password is the default, null, or missing.

Exploit Information

Attack: Mount the share.

Related Information

Advisories:

Related Vulnerabilities:

Reportage

Reporting: in ( )

Revision Number 1

1. Eric Haugh (6/29/2000):
   Initial entry