File: 2468.txt

package info (click to toggle)
snort 2.9.2.2-3
  • links: PTS, VCS
  • area: main
  • in suites: wheezy
  • size: 53,752 kB
  • sloc: ansic: 214,625; sh: 13,872; makefile: 2,574; yacc: 505; perl: 496; lex: 260; sql: 213; sed: 14
file content (60 lines) | stat: -rw-r--r-- 1,155 bytes parent folder | download | duplicates (8)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
Rule:

--
Sid:
2468

--
Summary:
This event is generated when an attempt is made to gain access to
private resources using Samba.

--
Impact:
Information gathering and system integrity compromise. Possible unauthorized
administrative access to the server.

--
Detailed Information:
This event is generated when an attempt is made to use Samba to gain
access to private or administrative shares on a host.

--
Affected Systems:
	All systems using Samba for file sharing.
	All systems using file and print sharing for Windows.

--
Attack Scenarios:
Many attack vectors are possible from simple directory traversal to
direct access to Windows adminsitrative shares.

--
Ease of Attack:
Simple. Exploit software is not required.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.

Check the host logfiles and application logs for signs of compromise.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--