Educause Security Discussion mailing list archives
Re: ISS Vul Scan
From: John Hoffoss <John.Hoffoss () CSU MNSCU EDU>
Date: Wed, 4 Apr 2007 10:51:17 -0500
On Wed, Mar 28, 2007 at 12:26 PM, in message
<78832BA2F6DE4C4FB39BA282165C95B8EA6AC8 () MRED hsc net ou edu>, "Gibson, Nathan J. (HSC)" <Nathan-Gibson () OUHSC EDU> wrote:
Does Anyone know why ISS would be flagging this: It is a Server 2k3 Machine. No NT Machines on the network. No apps needing NetBIOS. We have disabled NetBIOS on the NIC and it still shows up.

M Root Share: SMB NetBIOS entire drive available (CVE-1999-0520)
Vuln count = 3
NetBIOS allows full access to the entire hard drive. By sharing the entire drive, any new additions to this drive are automatically made available.
Remedy: Restrict the share to specific directories or require stronger authentication for access.

Inspect your NTFS permissions for this drive to ensure guest/Everyone is not provided full read/write access to the share. As Diego Lopez pointed out, ISS was probably able to map a drive to \\hostname\M$ with full permissions.

-jth

John T. Hoffoss, GCIH
Information Security Specialist
Minnesota State Colleges and Universities
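
One way to run the NTFS check suggested in the reply on the flagged server, as an added example that is not part of the original thread. It assumes Windows PowerShell run locally as an administrator; the ANONYMOUS LOGON entry in the SID list is an addition beyond the guest/Everyone principals named above, and share-level permissions are not examined.

```powershell
# Added example (not from the thread): list drive-root shares and the NTFS
# ACEs on them that grant access to broad principals.

# Well-known SIDs are used instead of names so localized systems match too.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'ANONYMOUS LOGON'   # assumption: also worth flagging
    'S-1-5-32-546' = 'BUILTIN\Guests'
}
$rights  = [System.Security.AccessControl.FileSystemRights]
$sidType = [System.Security.Principal.SecurityIdentifier]

# Win32_Share.Type: 0 = disk share, 2147483648 = administrative disk share (M$).
# Keep only shares whose path is the root of a drive, such as M:\
$rootShares = Get-WmiObject -Class Win32_Share |
    Where-Object { ($_.Type -eq 0 -or $_.Type -eq 2147483648) -and
                   $_.Path -match '^[A-Za-z]:\\$' }

foreach ($share in $rootShares) {
    $acl = Get-Acl -Path $share.Path
    # Request explicit and inherited rules with identities returned as SIDs.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (-not $broadSids.ContainsKey($sid))   { continue }
        # ACEs stored with generic rights (shown by Get-Acl as raw numbers)
        # do not set the Write bits tested here; review those by hand.
        New-Object PSObject -Property @{
            Share     = $share.Name
            Path      = $share.Path
            Principal = $broadSids[$sid]
            Rights    = $rule.FileSystemRights
            CanWrite  = (($rule.FileSystemRights -band $rights::Write) -ne 0)
            Inherited = $rule.IsInherited
        }
    }
}
```

No output means none of the listed principals holds an Allow ACE on the root of a shared drive.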