T 3.94 Incorrect configuration of the Samba communication protocols
Samba uses a number of protocols for network-wide communication:
- Microsoft Remote Procedure Call (MSRPC), a special form of Distributed Computing Environment Remote Procedure Call (DCE RPC)
- Network Basic Input/Output System (NetBIOS)
- Server Message Block (SMB)
- Transmission Control Protocol (TCP)/Internet Protocol (IP)
- Lightweight Directory Access Protocol (LDAP)
Misconfigurations of the communication protocols can adversely affect the availability and security of the services provided by a Samba server.
Example 1:
By default, Samba authenticates users with the NT LAN Manager (NTLM) protocol (ntlm auth parameter in smb.conf) as well as with the NTLMv2 protocol. This makes launching an attack easier, because the NTLM protocol is not as robust as the NTLMv2 protocol in terms of security.
Example 2:
By default, a Samba server does not use SMB Message Signing (server signing parameter in smb.conf). The SMB protocol is therefore susceptible to man-in-the-middle (MITM) attacks.
Example 3:
If Samba uses the ldapsam application as a backend when it is used as the Primary Domain Controller (PDC), then the account information of each user (for example the LAN Manager (LM) and/or NTLM hashes) is stored in an LDAP directory.
If the connection between Samba and the LDAP server is not encrypted using the Secure Sockets Layer (SSL), then an attacker can obtain the password hashes of the users by listening in on the connection and, under some circumstances, calculate the passwords with little effort.
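The three examples above can be checked against the [global] section of smb.conf. The following audit script is an added example, not part of the original threat description or of Samba itself; the sample configuration is constructed, the host name ldap.example.test is a placeholder, and the accepted values for server signing and ldap ssl, as well as treating an unset ldap ssl as a finding, are assumptions of this example.

```python
import re

# Constructed sample configuration (not taken from a real server).
SAMPLE_SMB_CONF = """\
[global]
    workgroup = EXAMPLE
    ; ntlm auth is not set, so the default described above applies
    server signing = auto
    passdb backend = ldapsam:ldap://ldap.example.test
    ldap ssl = off
"""

def parse_global(text):
    """Return the [global] parameters as {normalized name: lower-cased value}."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # smb.conf ignores case and spacing in parameter names
            params[" ".join(key.lower().split())] = value.strip().lower()
    return params

def audit(text):
    """Return findings for the three examples in this threat description."""
    p, findings = parse_global(text), []
    # Example 1: NTLM stays enabled unless it is switched off explicitly.
    if p.get("ntlm auth", "yes") not in ("no", "false", "0", "ntlmv2-only", "disabled"):
        findings.append("ntlm auth: NTLM accepted alongside NTLMv2")
    # Example 2: this example accepts only 'mandatory' as enforced signing.
    if p.get("server signing", "disabled") != "mandatory":
        findings.append("server signing: SMB signing not enforced")
    # Example 3: ldapsam over plain ldap:// needs transport encryption.
    backend = p.get("passdb backend", "")
    if backend.startswith("ldapsam") and "ldaps://" not in backend:
        # Assumption: an unset 'ldap ssl' is reported so that it gets set explicitly.
        if p.get("ldap ssl") not in ("start tls", "start_tls", "on", "yes"):
            findings.append("ldap ssl: ldapsam traffic not encrypted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SMB_CONF):
        print("FINDING:", finding)
```

On a server, read the configuration file into a string and pass it to audit(); parameters set outside [global] are not evaluated.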