[Micronet] Samba

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Samba

Beth Muramoto
I've gotten 4 security@berkeley alerts about vulnerabilities in Samba on computers, two of which require my admin login to install and yet they managed to get onto the computer so I'm assuming it's the kind of software that doesn't require admin privileges to install. Can someone confirm that?

I've been trying to read up on Samba to figure out why anyone would want it on their computers, but I need more "real user" context.

If anyone has used it or is using it, can you help me understand what purpose it serves?

Thanks. As always I appreciate the help and feedback.  Thanks also to everyone who responded to my wifi printing using AirBears query. You helped confirm my understanding of it.

Beth


***********************************************
Beth Muramoto
Computer Resource Specialist
Graduate School of Education
University of California, Berkeley
1650 Tolman Hall
Berkeley, CA 94720
Email:  mailto:[hidden email]
Phone:  (510) 643-0203
Fax:  (510) 643-6239

The Formula for Success:  Underpromise, overdeliver.
                                - Tom Peters

You have to decide what your highest priorities are and have the courage to say 'no' to other things."

                                -Stephen Covey

I'm a great believer in luck and I find the harder I work, the more I have of it.

                                -Thomas Jefferson

***********************************************




 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Samba

Tom Holub
MacOS X uses Samba for file and print sharing; if these are Macs, it's
probably because someone turned on sharing.  I'm not sure whether Apple has
patched the vulnerability; they are usually behind.

On 5/3/12 10:08 AM, Beth Muramoto wrote:

> I've gotten 4 security@berkeley alerts about vulnerabilities in Samba on computers, two of which require my admin login to install and yet they managed to get onto the computer so I'm assuming it's the kind of software that doesn't require admin privileges to install. Can someone confirm that?
>
> I've been trying to read up on Samba to figure out why anyone would want it on their computers, but I need more "real user" context.
>
> If anyone has used it or is using it, can you help me understand what purpose it serves?
>
> Thanks. As always I appreciate the help and feedback.  Thanks also to everyone who responded to my wifi printing using AirBears query. You helped confirm my understanding of it.
>
> Beth
>
>
> ***********************************************
> Beth Muramoto
> Computer Resource Specialist
> Graduate School of Education
> University of California, Berkeley
> 1650 Tolman Hall
> Berkeley, CA 94720
> Email:  mailto:[hidden email]
> Phone:  (510) 643-0203
> Fax:  (510) 643-6239
>
> The Formula for Success:  Underpromise, overdeliver.
> - Tom Peters
>
> You have to decide what your highest priorities are and have the courage to say 'no' to other things."
>
> -Stephen Covey
>
> I'm a great believer in luck and I find the harder I work, the more I have of it.
>
> -Thomas Jefferson
>
> ***********************************************
>
>
>
>
>  
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.


--
Tom Holub ([hidden email], 510-642-9069)
Director of Computing, College of Letters & Science
101.D Durant Hall
<http://LSCR.berkeley.edu/>


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Samba

Allison Henry

MacOS 10.6.8 uses Samba for Windows File and Printer sharing, and yes as
usual Apple is behind on updates. There are critical vulnerability for
the version of Samba used on MacOS 10.6 and SNS is sending alerts. This
is only an issue for MacOS < 10.7 as Lion uses a different SMB server.
I'll post something to UCB-security shortly with more specific details.

FYI we request that you please use the ucb-security mailing list to
discuss SNS vulnerability alerts on your systems, as such discussions
may include details that are not appropriate for a publicly archived
mailing list. Please see https://security.berkeley.edu/ucb-security for
details and to join if you're not a list member already. Thanks!

Allison Henry
System and Network Security
University of California, Berkeley
http://security.berkeley.edu

On 5/3/2012 10:06 AM, Tom Holub wrote:
> MacOS X uses Samba for file and print sharing; if these are Macs, it's
> probably because someone turned on sharing.  I'm not sure whether Apple has
> patched the vulnerability; they are usually behind.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Samba

Jonathan Felder-2
In reply to this post by Beth Muramoto
Samba is the open source implementation of Microsoft's SMB protocol.
It's used, among other things, to allow people on Windows computers to
access files on Unix based machines and to allow people on Unix based
machines to access files on Windows servers.

It can also be used as a drop in replacement for a Windows server for
the purposes of authentication.

Many many many people use it all of the time.  It's an extremely
valuable piece of software for people wanting to integrate Windows
machines into a Unix based server environment.

On 5/3/12 10:08 AM, Beth Muramoto wrote:

> I've gotten 4 security@berkeley alerts about vulnerabilities in Samba on computers, two of which require my admin login to install and yet they managed to get onto the computer so I'm assuming it's the kind of software that doesn't require admin privileges to install. Can someone confirm that?
>
> I've been trying to read up on Samba to figure out why anyone would want it on their computers, but I need more "real user" context.
>
> If anyone has used it or is using it, can you help me understand what purpose it serves?
>
> Thanks. As always I appreciate the help and feedback.  Thanks also to everyone who responded to my wifi printing using AirBears query. You helped confirm my understanding of it.
>
> Beth
>
>
> ***********************************************
> Beth Muramoto
> Computer Resource Specialist
> Graduate School of Education
> University of California, Berkeley
> 1650 Tolman Hall
> Berkeley, CA 94720
> Email:  mailto:[hidden email]
> Phone:  (510) 643-0203
> Fax:  (510) 643-6239
>
> The Formula for Success:  Underpromise, overdeliver.
> - Tom Peters
>
> You have to decide what your highest priorities are and have the courage to say 'no' to other things."
>
> -Stephen Covey
>
> I'm a great believer in luck and I find the harder I work, the more I have of it.
>
> -Thomas Jefferson
>
> ***********************************************
>
>
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.