Re: ISS Vul Scan

[John Hoffoss <John.Hoffoss () CSU MNSCU EDU>]

> > > On Wed, Mar 28, 2007 at 12:26 PM, in message
<78832BA2F6DE4C4FB39BA282165C95B8EA6AC8 () MRED hsc net ou edu>, "Gibson, Nathan
J. (HSC)" <Nathan-Gibson () OUHSC EDU> wrote: 
> Does Anyone know why ISS would be flagging this:
>
>  
>
> It is a Server 2k3 Machine. No NT Machines on the network. No apps
> needing NetBIOS. We have disabled NetBIOS on the NIC and it still shows
> up.
>
>  
>
> M Root Share: SMB NetBIOS entire drive available (CVE- 1999- 0520)
>
> Vuln count = 3
>
> NetBIOS allows full access to the entire hard drive. By sharing the
> entire drive, any new additions to this drive are automatically made
>
> available.
>
> Remedy:
>
> Restrict the share to specific directories or require stronger
> authentication for access.

Inspect your NTFS permissions for this drive to ensure guest/Everyone is not provided full read/write access to the 
share. As Diego Lopez pointed out, ISS was probably able to map a drive to \\hostname\M$ with full permissions.

-jth


John T. Hoffoss, GCIH
Information Security Specialist
Minnesota State Colleges and Universities