Is anyone running Ubuntu 7.04 and Vista on a network

[Guest]

The reason i ask is that i may have found a possible security flaw, but would
appreciate it if anyone else who has the above operatings system can also
check to see if this was coincident or is a flaw in vista's security

Scenario
1 PC Running Vista 64 Home Premium
1 PC Running Ubuntu 7

Vista pc setup for use on private network, i have no shares configured

From the Ubuntu desktop, i managed to browse the network, and select my
vista pc - because i am a local user on vista with admin rights i entered my
details and connected to the vista pc.

Usually you would get no shares available, but no all hidden admin shares
where displayed for my drives, and everyone was accessible.

Surely this is incorrect, this shares should not show up in ubuntu and
should be fully hidden.

As anyone else come across this or can someone else test. If the results are
the same and can see hidden shares when you're not supposed to, then surely
this is one major security breach.

regards

 

[Guest]

You must have misunderstood what "no shares configured" means. It means you
have not created any additional shares over and above the administrative
shares. "Hidden" as in "hidden share" means "flagged with a special flag that
directs the client not to display the share."

Also, if you had left UAC turned on you would not have been able to connect
to the administrative shares. You would be able to connect other shares but
those are restricted to administrators only and with UAC turned on
administrators do not get administrative tokens when connecting from the
network to stand-alone computers.

If you want to "hide" the Vista machine from the Ubuntu system either
configure the firewall in the public profile or open the Network and Sharing
Center and turn off network discovery.

 

[Iuvenalis]

The reason i ask is that i may have found a possible security flaw, but
would
appreciate it if anyone else who has the above operatings system can also
check to see if this was coincident or is a flaw in vista's security

Scenario
1 PC Running Vista 64 Home Premium
1 PC Running Ubuntu 7

Vista pc setup for use on private network, i have no shares configured

From the Ubuntu desktop, i managed to browse the network, and select my
vista pc - because i am a local user on vista with admin rights i entered
my
details and connected to the vista pc.

Usually you would get no shares available, but no all hidden admin shares
where displayed for my drives, and everyone was accessible.

Surely this is incorrect, this shares should not show up in ubuntu and
should be fully hidden.

As anyone else come across this or can someone else test. If the results
are
the same and can see hidden shares when you're not supposed to, then
surely
this is one major security breach.

Further to Jespers comments, the user connecting to the Vista machine from
the Linux machine knew the admin username & passphrase for the Vista
machine.
I assume this information isn't something you will be making readily
available to everyone on your network?
This isn't a security breach at all.

 

[Guest]

sorry i do think this is a security breach

a hidden share is a hidden share and should not be viewable within network
browsing, that is why they are called hidden for extra security

try connecting exactly the same way with exactly the same details from a
windows xp machine, and you'll find that this DOES NOT list these hidden
shares

do it from a linux box running ubuntu 7 and you'll get everything this only
happens when connecting via linux

as for uac, if you leave this active even though you are an administrator of
the system, you might as well be a limited user, as it prevents a lot of
stuff running properly

 

[Joe Richards [MVP]]

Nope, you misunderstand hidden share, it was never intended as a
security feature, it was more of a housekeeping, keeping things looking
clean standpoint. A hidden share is marked as "hidden" by having a $
appended to it. The Windows OS sees the appended $ and treats it as
hidden. The OS still sends the share in the list of shares for the share
enumeration request. This has always been the case. Basically it is up
to the OS or the application if it wants to display those shares once it
sees the "hidden" flag.

This was pretty common in Windows NT, it is how computer accounts were
"hidden" from display when you listed user accounts or if you just
wanted to display computer accounts.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

 

[Dave R.]

Security breach? Hardly - at best, it's another case of MS using
"security by obscurity", except that it isn't even particularly obscure
in this case. I think you will find that only Windows fails to display
those "hidden" shares. I doubt MS even intended for this to be for
security, probably just to keep things a little cleaner for non-admin
types. AFAIK, there isn't any special hidden attribute attached to them
beyond having the $ after the name, they are just hidden by convention
in a MS network environment. Besides **everyone** knows they are there,
and that they are called <drive letter>$, so being hidden isn't helpful
anyway. You still need credentials with the correct permissions to
access them.

Regards,

Dave

 

[Iuvenalis]

sorry i do think this is a security breach

a hidden share is a hidden share and should not be viewable within network
browsing, that is why they are called hidden for extra security

try connecting exactly the same way with exactly the same details from a
windows xp machine, and you'll find that this DOES NOT list these hidden
shares

do it from a linux box running ubuntu 7 and you'll get everything this
only
happens when connecting via linux

as for uac, if you leave this active even though you are an administrator
of
the system, you might as well be a limited user, as it prevents a lot of
stuff running properly

It isn't a security breach. Others have explained hidden shares better than
I could.
But remember, ***you are connecting to the vista pc using the admin
username & passphrase***

If an attacker didn't have this information they would not be able to
connect to the admin shares.

So, anyone connecting a Ubuntu machine without knowing the admin login
details would not be able to access.

As for UAC I still have mine enabled.
For general use on this machine I get ZERO UAC popups, i'm not sure what
apps you're using?
I run browsers, email, games, office apps, graphics apps, DVD & audio
ripping, DVD - Xvid apps on a daily basis & none give me UAC pop ups.

I get a pop up when I run true Image every week. For daily backups I use
Robocopy which doesn't give you a UAC popup.

I tend to view event viewer once a week or so if I think it necessary & that
gives a pop up.

So, what is it that you run that cannot run properly with UAC on?

 

[Gerry Hickman]

hidden. The OS still sends the share in the list of shares for the share
enumeration request.

In that case, it's very silly! If the enum is done by by a local process
with a connection over DCOM then it's fair enough, it's listing shares
that it's exposing.

If it's showing up in a network browser, it defeats the whole point of
the $ concept, which is to hide it from the browse request. Remember,
it's not just C drives, it could be vast listings of a file server.
You'd still have NTFS to get through, but it still defeats the whole
point of them being "hidden".

 

[Guest]

If it's showing up in a network browser, it defeats the whole point of

the $ concept, which is to hide it from the browse request. Remember,
it's not just C drives, it could be vast listings of a file server.
You'd still have NTFS to get through, but it still defeats the whole
point of them being "hidden".

What point is it that you believe is being defeated?

 

[Joe Richards [MVP]]

You missed the part where I said this was never designed to be a
security feature but instead is used for housekeeping/display. Say, and
this is a real life example, I have a file server with 5000 home folder
shares on it called user1$ through user2$ and I have 10 project shares
on the server called proj1 through proj10. Some random user connects to
the server by \\servername to get a list of the project shares, if MSFT
didn't have the hidden mechanism the user would get a listing of 5010
shares instead of 10.

Your understanding or wish of what the $ concept is just needs to be
readjusted. It isn't about hiding it from the browse request, it is a
quick way to indicate to the client that the shares have been marked
hidden which is a guideline and a guideline only, to not display. If
MSFT intended for that to be a security feature, you can rest assured
they wouldn't be sending those share names when requested. It is simpler
not to send them than to not display them when they have been sent.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm

 

[Gerry Hickman]

Hi Joe,

In my view, this is FLAWED and should be fixed.

Anyway, it's nice to know I can remotely enum all the "hidden" shares of
Windows boxes with a simple browse request

 

[Robert Moir]

sorry i do think this is a security breach

a hidden share is a hidden share and should not be viewable within network
browsing, that is why they are called hidden for extra security

Nope. They're not hidden "for extra security". They're hidden to keep the
list of shares you see on a "typical" OS (aka manufactured by Microsoft)
tidy.

try connecting exactly the same way with exactly the same details from a
windows xp machine, and you'll find that this DOES NOT list these hidden
shares

Well. Yes. What's your point?

do it from a linux box running ubuntu 7 and you'll get everything this
only
happens when connecting via linux

Yes because the implementation of SAMBA used on Ubuntu 7 obviously doesn't
follow the conventions of Microsoft networking. This isn't some l33t hax0r
trick, it's something getting the same list of shares that is sent to all
the computers on your network and choosing to do something different to what
you expected with it.

as for uac, if you leave this active even though you are an administrator
of
the system, you might as well be a limited user, as it prevents a lot of
stuff running properly

Can't say I've seen this myself. I'm running with UAC enabled and I see a
UAC prompt maybe a couple of times a week, usually when I install software
or update something or use a system utility.

In either case, UAC is a part of enforcing security on the very thing you're
worried about, and you chose to turn it off. Turning off security features
then complaining that something protected by them isn't very secure any more
is hardly news.

 

[Guest]

The feature cannot be flawed since it was never designed to do what it is you
seem to want it to do. If you do really believe in security by obscurity as a
meaningful way to protect your shares (I do not) then you should make a
suggestion to create a non-advertising share for the next version of Windows.

Alternatively, you can turn off the announcement of the shares in Windows
Vista (or any prior version) and achieve the same effect. The Network
Discovery setting in the Network Sharing Center does exactly what you want,
except it operates on all shares, not just some.

 

[Joe Richards [MVP]]

Agreed.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm