DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  SMB

SYSTEMS AFFECTED

  Win NT 3.5, 3.51, 4.0
  

PROBLEM


    This text was originally found at Bill Stout's pages.

    A system can be configured to negotiate SMB dialect to  LanManager
    v2.0  which  prompts  the  client  to  send  a  users' password in
    cleartext without the users' knowledge.

    To connect to a fileshare or printshare, the NT network filesystem
    (SMB over  NetBIOS) requires  a cleartext  username, (a  cleartext
    domainname is  optional) and  with LanManager  v2.1 or  NTLM v0.12
    dialects, an encrypted password.

    SMB dialect 2.0 or earlier  used plaintext passwords, and NT  with
    backwards SMB  dialect capability  will negotiate  and connect  to
    earlier versions of SMB.



EXPLOIT

  

SOLUTION


    Upgrade your software.