DATE:
COMMAND:
SOURCE:
AUTHOR: Samba

SYSTEMS AFFECTED
Windows for Workgroups, Windows 95

PROBLEM
This text is a compilation of papers found at the former Bill Stout's page and www.ntshop.com/security.

When a Windows for Workgroups or Windows 95 machine shares any folder, bugs in Microsoft's SMB implementation (over all network protocols) allow access to the whole drive, with whatever permissions the share name was given. These resources are advertised on a browse list that is made available to anyone on the local network by default, and to anyone on the Internet who knows the machine's IP address.

Any user sharing a folder on a TCP/IP network without a password is opening the whole disk up to the entire Internet (all an intruder needs to do is locate the machine), and those with a password should be aware that Windows has no protection against brute-force attacks. You should be aware of the necessity to choose incredibly difficult passwords!

EXPLOIT

SOLUTION
An alleged fix for Windows for Workgroups was quietly released in early October, and Microsoft publicly announced a fix for Windows 95 on October 20th. It has not been rigorously tested, but it appears to fix the problem. The fix for Windows for Workgroups might not be a complete fix, but rather a patch for one way of exploiting the problem. The patch only works on the US/English version of Windows 95; at this writing, all non-English versions of Windows 95 are still vulnerable.

The Knowledge Base article for Windows 95 says the following:

Use user-level access control instead of share-level access control to share the folder. To use user-level access control to share a folder, follow these steps:

1. Stop sharing the folder.
2. Use the right mouse button to click Network Neighborhood, and then click Properties on the menu that appears.
3. On the Access Control tab, click the User-Level Access Control option button.
4. In the "Obtain list of users and groups from" box, specify the network domain or computer from which the master list of users should be obtained.
5. Click OK.
6. Share the folder again.

NOTE: To use user-level access control, there must be a Microsoft Windows NT or Novell NetWare server on the network that can provide the master list of users.

The Knowledge Base article for Windows for Workgroups says the following:

To resolve this problem in Windows for Workgroups 3.11, follow these steps:

1. Download the Wfwvsrvr.exe file from the Microsoft Software Library (MSL) on one of the following services: The Microsoft Network, CompuServe, Microsoft Download Service (MSDL), or the Internet (anonymous FTP, ftp ftp.microsoft.com).
2. In File Manager, double-click the Wfwvsrvr.exe file to expand the Vserver.386 file it contains.
3. Quit Windows for Workgroups.
4. Copy the new Vserver.386 file to the Windows\System directory, overwriting the existing version of the file.
5. Restart your computer.