For you to understand
Waldo Bastian
bastian at kde.org
Fri Apr 25 14:05:32 BST 2003
On Thursday 24 April 2003 18:23, 3APA3A wrote:
> Dear seclab at ce.aut.ac.ir,
>
> By the way: since KDE supports smb:// URL and status of SMB signing
> support for SAMBA is not clear (I see no setting to require SMB
> signing), KDE may be affected in much worse way.
>
> I'm not using KDE, so I can't validate this fact.
Based on the information provided in
http://www.securityfocus.com/archive/1/319494/2003-04-21/2003-04-27/1
and feedback from Andrew Bartlett of the Samba team it is our understanding
that the critical part here is the fact that:
"Windows automatically sends the encrypted hashed password of the logged-in
username to the target SMB server before prompting for password."
Since KDE and/or Samba do not do this we believe not to be vulnerable to this
particular problem.
Cheers,
Waldo
--
bastian at kde.org -=|[ SuSE, The Linux Desktop Experts ]|=- bastian at suse.com
More information about the kde-core-devel
mailing list