Is anyone running Ubuntu 7.04 and Vista on a network

Discussion in 'Windows Vista Security' started by mirdragon, May 2, 2007.

  1. mirdragon

    mirdragon Guest

    The reason I ask is that I may have found a possible security flaw, but would
    appreciate it if anyone else who has the above operating systems can also
    check to see if this was a coincidence or is a flaw in Vista's security.

    Scenario
    1 PC Running Vista 64 Home Premium
    1 PC Running Ubuntu 7

    Vista PC set up for use on private network, I have no shares configured.

    From the Ubuntu desktop, I managed to browse the network and select my
    Vista PC - because I am a local user on Vista with admin rights I entered my
    details and connected to the Vista PC.

    Usually you would get no shares available, but now all hidden admin shares
    were displayed for my drives, and every one was accessible.

    Surely this is incorrect; these shares should not show up in Ubuntu and
    should be fully hidden.

    Has anyone else come across this, or can someone else test? If the results are
    the same and can see hidden shares when you're not supposed to, then surely
    this is one major security breach.

    regards
     
    mirdragon, May 2, 2007
    #1

  2. mirdragon

    Jesper Guest

    You must have misunderstood what "no shares configured" means. It means you
    have not created any additional shares over and above the administrative
    shares. "Hidden" as in "hidden share" means "flagged with a special flag that
    directs the client not to display the share."

    Also, if you had left UAC turned on you would not have been able to connect
    to the administrative shares. You would be able to connect other shares but
    those are restricted to administrators only and with UAC turned on
    administrators do not get administrative tokens when connecting from the
    network to stand-alone computers.

    If you want to "hide" the Vista machine from the Ubuntu system either
    configure the firewall in the public profile or open the Network and Sharing
    Center and turn off network discovery.
     
    Jesper, May 2, 2007
    #2

  3. mirdragon

    Iuvenalis Guest

    Further to Jesper's comments, the user connecting to the Vista machine from
    the Linux machine knew the admin username & passphrase for the Vista
    machine.
    I assume this information isn't something you will be making readily
    available to everyone on your network?
    This isn't a security breach at all.
     
    Iuvenalis, May 2, 2007
    #3
  4. mirdragon

    mirdragon Guest

    Sorry, I do think this is a security breach.

    A hidden share is a hidden share and should not be viewable within network
    browsing; that is why they are called hidden, for extra security.

    Try connecting exactly the same way with exactly the same details from a
    Windows XP machine, and you'll find that this DOES NOT list these hidden
    shares.

    Do it from a Linux box running Ubuntu 7 and you'll get everything; this only
    happens when connecting via Linux.

    As for UAC, if you leave this active even though you are an administrator of
    the system, you might as well be a limited user, as it prevents a lot of
    stuff running properly.
     
    mirdragon, May 2, 2007
    #4
  5. Nope, you misunderstand hidden share, it was never intended as a
    security feature, it was more of a housekeeping, keeping things looking
    clean standpoint. A hidden share is marked as "hidden" by having a $
    appended to it. The Windows OS sees the appended $ and treats it as
    hidden. The OS still sends the share in the list of shares for the share
    enumeration request. This has always been the case. Basically it is up
    to the OS or the application if it wants to display those shares once it
    sees the "hidden" flag.

    This was pretty common in Windows NT, it is how computer accounts were
    "hidden" from display when you listed user accounts or if you just
    wanted to display computer accounts.

    joe

    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], May 2, 2007
    #5
  6. mirdragon

    Dave R. Guest

    Security breach? Hardly - at best, it's another case of MS using
    "security by obscurity", except that it isn't even particularly obscure
    in this case. I think you will find that only Windows fails to display
    those "hidden" shares. I doubt MS even intended for this to be for
    security, probably just to keep things a little cleaner for non-admin
    types. AFAIK, there isn't any special hidden attribute attached to them
    beyond having the $ after the name, they are just hidden by convention
    in a MS network environment. Besides **everyone** knows they are there,
    and that they are called <drive letter>$, so being hidden isn't helpful
    anyway. You still need credentials with the correct permissions to
    access them.

    Regards,

    Dave
     
    Dave R., May 2, 2007
    #6
  7. mirdragon

    Iuvenalis Guest


    It isn't a security breach. Others have explained hidden shares better than
    I could.
    But remember, ***you are connecting to the vista pc using the admin
    username & passphrase***

    If an attacker didn't have this information they would not be able to
    connect to the admin shares.

    So, anyone connecting a Ubuntu machine without knowing the admin login
    details would not be able to access.

    As for UAC I still have mine enabled.
    For general use on this machine I get ZERO UAC popups, I'm not sure what
    apps you're using?
    I run browsers, email, games, office apps, graphics apps, DVD & audio
    ripping, DVD - Xvid apps on a daily basis & none give me UAC pop ups.

    I get a pop up when I run True Image every week. For daily backups I use
    Robocopy which doesn't give you a UAC popup.

    I tend to view event viewer once a week or so if I think it necessary & that
    gives a pop up.

    So, what is it that you run that cannot run properly with UAC on?
     
    Iuvenalis, May 2, 2007
    #7
  8. In that case, it's very silly! If the enum is done by a local process
    with a connection over DCOM then it's fair enough, it's listing shares
    that it's exposing.

    If it's showing up in a network browser, it defeats the whole point of
    the $ concept, which is to hide it from the browse request. Remember,
    it's not just C drives, it could be vast listings of a file server.
    You'd still have NTFS to get through, but it still defeats the whole
    point of them being "hidden".
     
    Gerry Hickman, May 2, 2007
    #8
  9. mirdragon

    Jesper Guest

    If it's showing up in a network browser, it defeats the whole point of
    What point is it that you believe is being defeated?
     
    Jesper, May 3, 2007
    #9
  10. You missed the part where I said this was never designed to be a
    security feature but instead is used for housekeeping/display. Say, and
    this is a real life example, I have a file server with 5000 home folder
    shares on it called user1$ through user2$ and I have 10 project shares
    on the server called proj1 through proj10. Some random user connects to
    the server by \\servername to get a list of the project shares, if MSFT
    didn't have the hidden mechanism the user would get a listing of 5010
    shares instead of 10.

    Your understanding or wish of what the $ concept is just needs to be
    readjusted. It isn't about hiding it from the browse request, it is a
    quick way to indicate to the client that the shares have been marked
    hidden which is a guideline and a guideline only, to not display. If
    MSFT intended for that to be a security feature, you can rest assured
    they wouldn't be sending those share names when requested. It is simpler
    not to send them than to not display them when they have been sent.


    --
    Joe Richards Microsoft MVP Windows Server Directory Services
    Author of O'Reilly Active Directory Third Edition
    www.joeware.net


    ---O'Reilly Active Directory Third Edition now available---

    http://www.joeware.net/win/ad3e.htm
     
    Joe Richards [MVP], May 4, 2007
    #10
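Added example, not part of any post in this thread: a small audit script showing that the trailing `$` only affects what a client chooses to display, not what the server sends in the enumeration. The listing is constructed in the table layout `smbclient -L` prints, the function names are hypothetical, and the set of built-in shares (ADMIN$, IPC$, drive-letter shares) is an assumption of the example.

```python
import re

# Constructed sample in the table layout that `smbclient -L` prints.
# Share names follow the thread's example; none come from a real host.
SAMPLE_LISTING = """
    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      Remote Admin
    C$              Disk      Default share
    IPC$            IPC       Remote IPC
    user1$          Disk      Home folder
    user2$          Disk      Home folder
    proj1           Disk      Project share
    proj2           Disk      Project share
"""

ROW = re.compile(r"^\s+(?P<name>\S+)\s+(?P<type>Disk|IPC|Printer)\s*(?P<comment>.*)$")
# Assumption: shares Windows creates itself are ADMIN$, IPC$ and <drive letter>$.
DEFAULT_HIDDEN = re.compile(r"^(ADMIN|IPC|[A-Z])\$$", re.IGNORECASE)


def parse_listing(text):
    """Return every share the server sent as (name, type, comment) tuples."""
    shares = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header and separator rows do not match the Type column
            shares.append((m["name"], m["type"], m["comment"].strip()))
    return shares


def displayed_by_convention(shares):
    """Names a client shows if it honours the trailing-$ display convention."""
    return [name for name, _, _ in shares if not name.endswith("$")]


def audit(shares):
    """Group the enumerated names so custom $ shares stand out for ACL review."""
    report = {"visible": [], "default_hidden": [], "custom_hidden": []}
    for name, _, _ in shares:
        if not name.endswith("$"):
            report["visible"].append(name)
        elif DEFAULT_HIDDEN.match(name):
            report["default_hidden"].append(name)
        else:
            report["custom_hidden"].append(name)
    return report


if __name__ == "__main__":
    sent = parse_listing(SAMPLE_LISTING)
    print(len(sent), "sent;", displayed_by_convention(sent), "shown by convention")
    print(audit(sent))
```

Anything that lands in `custom_hidden` is a share whose only concealment is the naming convention, so its share and NTFS permissions are what actually control access.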
  11. Hi Joe,

    In my view, this is FLAWED and should be fixed.

    Anyway, it's nice to know I can remotely enum all the "hidden" shares of
    Windows boxes with a simple browse request:)
     
    Gerry Hickman, May 5, 2007
    #11
  12. mirdragon

    Robert Moir Guest

    Nope. They're not hidden "for extra security". They're hidden to keep the
    list of shares you see on a "typical" OS (aka manufactured by Microsoft)
    tidy.
    Well. Yes. What's your point?
    Yes because the implementation of SAMBA used on Ubuntu 7 obviously doesn't
    follow the conventions of Microsoft networking. This isn't some l33t hax0r
    trick, it's something getting the same list of shares that is sent to all
    the computers on your network and choosing to do something different to what
    you expected with it.
    Can't say I've seen this myself. I'm running with UAC enabled and I see a
    UAC prompt maybe a couple of times a week, usually when I install software
    or update something or use a system utility.

    In either case, UAC is a part of enforcing security on the very thing you're
    worried about, and you chose to turn it off. Turning off security features
    then complaining that something protected by them isn't very secure any more
    is hardly news.
     
    Robert Moir, May 5, 2007
    #12
  13. mirdragon

    Jesper Guest

    The feature cannot be flawed since it was never designed to do what it is you
    seem to want it to do. If you do really believe in security by obscurity as a
    meaningful way to protect your shares (I do not) then you should make a
    suggestion to create a non-advertising share for the next version of Windows.

    Alternatively, you can turn off the announcement of the shares in Windows
    Vista (or any prior version) and achieve the same effect. The Network
    Discovery setting in the Network Sharing Center does exactly what you want,
    except it operates on all shares, not just some.
     
    Jesper, May 5, 2007
    #13
  14. Joe Richards [MVP], May 10, 2007
    #14