DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  SMB


SYSTEMS AFFECTED

  Win NT 3.5, 3.51, 4.0

  

PROBLEM


    This text was originally found at Bill Stout's pages.



    A system can be configured to negotiate the SMB dialect to
    LanManager v2.0, which prompts the client to send a user's
    password in cleartext without the user's knowledge.



    To connect to a fileshare or printshare, the NT network filesystem
    (SMB over NetBIOS) requires a cleartext username (a cleartext
    domain name is optional) and, with the LanManager v2.1 or NTLM
    v0.12 dialects, an encrypted password.



    SMB dialect 2.0 or earlier used plaintext passwords, and NT with
    backwards SMB dialect capability will negotiate and connect to
    earlier versions of SMB.
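
    The negotiation described above can be checked on captured traffic.
    The following is an added example, not part of the original
    advisory: it reads an SMB Negotiate request/response pair (NetBIOS
    session header already removed) and reports when the server picked
    a dialect other than the two the text names as using encrypted
    passwords, or left the encrypt-passwords bit of SecurityMode clear.
    Function names are illustrative, the sample messages are
    constructed, and the SecurityMode check goes beyond the text.

```python
import struct

# Dialects that, per the advisory, carry an encrypted password.
ENCRYPTED_DIALECTS = {"LANMAN2.1", "NT LM 0.12"}
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32  # fixed SMB1 header, NetBIOS session header already stripped

def smb_body(msg):
    """Return the bytes that follow the SMB1 header of a Negotiate message."""
    if len(msg) < HEADER_LEN + 3 or msg[:4] != b"\xffSMB" or msg[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 Negotiate message")
    return msg[HEADER_LEN:]

def offered_dialects(request):
    """Dialect names in a request: each is 0x02, the name, then a NUL."""
    body = smb_body(request)
    (byte_count,) = struct.unpack_from("<H", body, 1)  # WordCount is 0 here
    data = body[3:3 + byte_count]
    return [d[1:].decode("ascii") for d in data.split(b"\x00") if d[:1] == b"\x02"]

def check_negotiation(request, response):
    """Return (chosen dialect, True if a cleartext password is at risk)."""
    dialects = offered_dialects(request)
    body = smb_body(response)
    (index,) = struct.unpack_from("<H", body, 1)  # DialectIndex
    if index >= len(dialects):
        return None, False  # 0xFFFF: server accepted none of the offers
    # Low byte of SecurityMode; bit 0x02 means challenge/response is in use.
    encrypts = body[0] >= 13 and len(body) > 3 and bool(body[3] & 0x02)
    dialect = dialects[index]
    return dialect, dialect not in ENCRYPTED_DIALECTS or not encrypts

# Constructed sample messages (not captured traffic); header fields zeroed.
def build_msg(rest):
    return b"\xffSMB" + bytes([SMB_COM_NEGOTIATE]) + bytes(27) + rest

def sample_request(names):
    data = b"".join(b"\x02" + n.encode("ascii") + b"\x00" for n in names)
    return build_msg(b"\x00" + struct.pack("<H", len(data)) + data)

def sample_response(index, word_count, security_mode):
    words = struct.pack("<HB", index, security_mode).ljust(word_count * 2, b"\x00")
    return build_msg(bytes([word_count]) + words[:word_count * 2] + b"\x00\x00")

if __name__ == "__main__":
    offers = ["PC NETWORK PROGRAM 1.0", "LM1.2X002", "LANMAN2.1", "NT LM 0.12"]
    req = sample_request(offers)
    print(check_negotiation(req, sample_response(1, 13, 0x01)))
    print(check_negotiation(req, sample_response(3, 17, 0x03)))
```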





EXPLOIT

  

SOLUTION


    Upgrade your software.