COMMAND

    UNIX based Samba attacks allows exporting your entire filesystem

SYSTEMS AFFECTED

    Win WfW, 95

PROBLEM

    This text is compilation of  papers found at ex Bill  Stout's page
    and www.ntshop.com/security.

    When a  Windows for  Workgroups or  Windows 95  machine shares any
    folder,  bugs  Microsoft's  SMB  implementation  (over all network
    protocols)  allows  access  to  the  whole  drive,  with  whatever
    permissions  the   sharename  was   given.  These   resources  are
    advertised on a  browse list that  is made available  to anyone on
    the local network  by default, and  to anyone on  the Internet who
    knows the  machine's IP  address. Any  user sharing  a folder on a
    TCP/IP network without a password is opening the whole disk up  to
    the entire  Internet (all  an intruder  needs to  do is locate the
    machine) and those  with a password  should be aware  that Windows
    has  no  protection  against  brute  force  attacks. You should be
    aware of the necessity to choose incredibly difficult passwords!

SOLUTION

    An alleged fix for Windows for Workgroups was quietly released  in
    early October, and Microsoft publicly announced a fix for Win95 on
    October 20th. It  has not been  rigorously tested, but  it appears
    to fix the problem. The  fix for Windows for Workgroups  might not
    be a complete fix, but rather  a patch for one way to  exploit the
    problem.   The  patch  only  works  on  the  US/English version of
    Windows 95; at this  writing, all non-English versions  of Windows
    95 are still vulnerable.

    KB for Win '95 says following:
    Use  user-level  access  control  instead  of  share-level  access
    control to share the folder.  To use user-level access control  to
    share a folder, follow these steps:

        1. Stop sharing the folder,
        2. Use the right  mouse button to click  Network Neighborhood,
           and then click Properties on the menu that appears,
        3. On  the  Access  Control  tab, click the User-Level  Access
           Control option button,
        4. In the "Obtain list of users and groups from" box,  specify
           the network domain or  computer from which the  master list
           of users should be obtained.
        5. Click OK.
        6. Share the folder again.

    NOTE: To use user-level access control, there must be a  Microsoft
    Windows  NT  or  Novell  NetWare  server  on  the network that can
    provide the master list of users.

    KB for WfW says following:
    To resolve  this problem  in Windows  for Workgroups  3.11, follow
    these steps:

        1. Download the  Wfwvsrvr.exe file from  one of the  Microsoft
           Software Library (MSL) on the following services:
               The Microsoft Network,
               CompuServe,
               Microsoft Download Service (MSDL),
               Internet (anonymous FTP, ftp ftp.microsoft.com).
        2. In  File  Manager,  double-click  the Wfwvsrvr.exe file  to
           expand the Vserver.386 file it contains,
        3. Quit Windows for Workgroups,
        4. Copy  the  new  Vserver.386  file  to  the   Windows\System
           directory, overwriting the existing version of the file,
        5. Restart your computer.