
Re: [nslu2-general] Re: samba2 on pogoplug not accessible from mac

  • Gregg Levine
    Message 1 of 24 , Jan 4, 2013
      On Fri, Jan 4, 2013 at 8:43 PM, Ron Guerin <ron@...> wrote:
      > On 01/04/2013 08:28 PM, oddballhero wrote:
      >> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
      >
      > Samba3 is from 2003. Samba4 just went stable a few weeks ago.
      >
      >> I've been running 3.6 for some time.
      >
      > FYI: https://www.samba.org/samba/security/CVE-2012-1182
      >
      > The version I see in Optware, is 3.2.15-5, which would also be
      > vulnerable to the above exploit.
      >
      > - Ron
      >

      Hello!
      Ron nice to see you here. What is the exploit? For those of us who do
      not follow those please summarize.

      -----
      Gregg C Levine gregg.drwho8@...
      "This signature fought the Time Wars, time and again."
    • Ron Guerin
      Message 2 of 24 , Jan 4, 2013
        On 01/04/2013 10:21 PM, Gregg Levine wrote:
        > On Fri, Jan 4, 2013 at 8:43 PM, Ron Guerin<ron@...> wrote:
        >> On 01/04/2013 08:28 PM, oddballhero wrote:
        >>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
        >>
        >> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
        >>
        >>> I've been running 3.6 for some time.
        >>
        >> FYI: https://www.samba.org/samba/security/CVE-2012-1182
        >>
        >> The version I see in Optware, is 3.2.15-5, which would also be
        >> vulnerable to the above exploit.
        >>
        >> - Ron
        >>
        >
        > Hello!
        > Ron nice to see you here.

        I bought an ASUS RT-N16 last year. The discovery of Optware has led to
        a device I continue to find new uses for.

        > What is the exploit? For those of us who do not follow those please
        > summarize.

        I don't follow these either. I went to look up the year Samba3 was
        released and found the security warning on the Wikipedia page. The
        entire description is summary length, so I'll post it here.

        ===========
        Description
        ===========

        Samba versions 3.6.3 and all versions previous to this are affected by
        a vulnerability that allows remote code execution as the "root" user
        from an anonymous connection.

        The code generator for Samba's remote procedure call (RPC) code
        contained an error which caused it to generate code containing a
        security flaw. This generated code is used in the parts of Samba that
        control marshalling and unmarshalling of RPC calls over the network.

        The flaw caused checks on the variable containing the length of an
        allocated array to be done independently from the checks on the
        variable used to allocate the memory for that array. As both these
        variables are controlled by the connecting client it makes it possible
        for a specially crafted RPC call to cause the server to execute
        arbitrary code.

        As this does not require an authenticated connection it is the most
        serious vulnerability possible in a program, and users and vendors are
        encouraged to patch their Samba installations immediately.
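
The flaw class described in the advisory text quoted above, as an added example that is not part of the original post and is not Samba's code. The wire format, `MAX_ELEMS`, and all function names are assumptions made for illustration; the flawed path is modelled as a validation check only and performs no copy.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ELEMS 1024u /* assumed cap on the allocation size */
#define HDR_LEN 8u

/* Constructed wire format (an assumption, not Samba's NDR encoding):
 * [u32 size][u32 length][length bytes], integers big-endian.
 * "size" drives the allocation, "length" drives the copy; the client
 * controls both. */
struct hdr { uint32_t size, length; };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static int read_hdr(const uint8_t *buf, size_t n, struct hdr *h)
{
    if (n < HDR_LEN) return -1;
    h->size = be32(buf);
    h->length = be32(buf + 4);
    return 0;
}

/* Models the flawed validation only: each field is checked on its own
 * and nothing ties length to size. Returns 1 if the message would be
 * accepted. No allocation or copy happens here. */
int independent_checks_accept(const uint8_t *buf, size_t n)
{
    struct hdr h;
    if (read_hdr(buf, n, &h) != 0) return 0;
    if (h.size == 0 || h.size > MAX_ELEMS) return 0; /* allocation looks sane */
    if (h.length > n - HDR_LEN) return 0;            /* length fits the packet */
    return 1;
}

/* Hardened unmarshal: the copy length is bounded by the allocation
 * before any byte is written. Returns a malloc'd array or NULL. */
uint8_t *unmarshal_array(const uint8_t *buf, size_t n, uint32_t *out_len)
{
    struct hdr h;
    if (read_hdr(buf, n, &h) != 0) return NULL;
    if (h.size == 0 || h.size > MAX_ELEMS) return NULL;
    if (h.length > h.size) return NULL;              /* the missing cross-check */
    if (h.length > n - HDR_LEN) return NULL;
    uint8_t *arr = calloc(h.size, 1);
    if (arr == NULL) return NULL;
    memcpy(arr, buf + HDR_LEN, h.length);
    *out_len = h.length;
    return arr;
}

/* Returns 1 if the hardened unmarshal accepts the message, else 0. */
int hardened_accepts(const uint8_t *buf, size_t n)
{
    uint32_t len = 0;
    uint8_t *arr = unmarshal_array(buf, n, &len);
    int ok = (arr != NULL);
    free(arr);
    return ok;
}

/* Constructed sample messages. */
const uint8_t MSG_OK[] = {0, 0, 0, 4, 0, 0, 0, 4, 'A', 'B', 'C', 'D'};
const uint8_t MSG_MISMATCH[] = {0, 0, 0, 4, 0, 0, 0, 16, /* size 4, length 16 */
    'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A'};

int main(void)
{
    printf("consistent msg: independent=%d hardened=%d\n",
           independent_checks_accept(MSG_OK, sizeof MSG_OK),
           hardened_accepts(MSG_OK, sizeof MSG_OK));
    printf("mismatched msg: independent=%d hardened=%d\n",
           independent_checks_accept(MSG_MISMATCH, sizeof MSG_MISMATCH),
           hardened_accepts(MSG_MISMATCH, sizeof MSG_MISMATCH));
    return 0;
}
```

The mismatched message passes both independent checks yet is rejected once the length is compared against the allocation size, which is the relationship the generated code failed to enforce.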
      • oddballhero
        Message 3 of 24 , Jan 4, 2013
          --- In nslu2-general@yahoogroups.com, Ron Guerin wrote:
          >
          > On 01/04/2013 08:28 PM, oddballhero wrote:
          > > I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
          >
          > Samba3 is from 2003. Samba4 just went stable a few weeks ago.

          Will the wonders of Wikipedia ever cease.
          >
          > > I've been running 3.6 for some time.
          >
          > FYI: https://www.samba.org/samba/security/CVE-2012-1182

          For your FYI: http://www.samba.org/samba/history/samba-3.6.4.html
          >
          > The version I see in Optware, is 3.2.15-5, which would also be
          > vulnerable to the above exploit.
          >

          Package: samba36
          Version: 3.6.10-1
          Depends: avahi, popt, readline, zlib, e2fsprogs , openldap-libs , gconv-modules
          Conflicts: samba2, samba, samba34,samba35
          Suggests: cups
          Section: net
          Architecture: arm
          Maintainer: NSLU2 Linux <nslu2-linux@yahoogroups.com>
          MD5Sum: bcbc4bb4e96792bcecab593e15d5cebd
          Size: 32587982
          Filename: samba36_3.6.10-1_arm.ipk
          Source: http://www.samba.org/samba/ftp/stable/samba-3.6.10.tar.gz
          Description: Samba suite provides file and print services to SMB/CIFS clients. This is a newer version.

          Thanks again to Brian Zhou.

          Remember kids, "ipkg update" then "ipkg upgrade" or build your own.

          > - Ron
          >
        • Ron Guerin
          Message 4 of 24 , Jan 4, 2013
            On 01/05/2013 01:04 AM, oddballhero wrote:
            >
            >
            > --- In nslu2-general@yahoogroups.com, Ron Guerin wrote:
            >>
            >> On 01/04/2013 08:28 PM, oddballhero wrote:
            >>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
            >>
            >> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
            >
            > Will the wonders of Wikipedia ever cease.

            It's good for things like "What year did XYZ come out?", especially for
            something as old as Samba3. I actually thought it was a little older,
            but I'm probably thinking of the pre-stable releases (I've been using
            Samba for a long time). For anyone curious about Samba4, there's an
            Active Directory service in there now. I'm guessing that running all
            that might be asking a bit much for an Optware device.

            >>> I've been running 3.6 for some time.
            >>
            >> FYI: https://www.samba.org/samba/security/CVE-2012-1182
            >
            > For your FYI: http://www.samba.org/samba/history/samba-3.6.4.html
            >>
            >> The version I see in Optware, is 3.2.15-5, which would also be
            >> vulnerable to the above exploit.
            >>
            >
            > Package: samba36
            > Version: 3.6.10-1
            > Depends: avahi, popt, readline, zlib, e2fsprogs , openldap-libs , gconv-modules
            > Conflicts: samba2, samba, samba34,samba35
            > Suggests: cups
            > Section: net
            > Architecture: arm
            > Maintainer: NSLU2 Linux<nslu2-linux@yahoogroups.com>
            > MD5Sum: bcbc4bb4e96792bcecab593e15d5cebd
            > Size: 32587982
            > Filename: samba36_3.6.10-1_arm.ipk
            > Source: http://www.samba.org/samba/ftp/stable/samba-3.6.10.tar.gz
            > Description: Samba suite provides file and print services to SMB/CIFS clients. This is a newer version.
            >
            > Thanks again to Brian Zhou.
            >
            > Remember kids, "ipkg update" then "ipkg upgrade" or build your own.

            Actually that wasn't my mistake. I didn't look down the list for
            "samba36" as opposed to "samba".

            - Ron
          • oddballhero
            Message 5 of 24 , Jan 5, 2013
              --- In nslu2-general@yahoogroups.com, Ron Guerin wrote:
              >
              > On 01/05/2013 01:04 AM, oddballhero wrote:
              > >
              > >
              > > --- In nslu2-general@yahoogroups.com, Ron Guerin wrote:
              > >>
              > >> On 01/04/2013 08:28 PM, oddballhero wrote:
              > >>> I'm pretty sure Samba3 has been around for a while... You mean like certain computer companies are perpetually in trial and error stage... There are only two sure things... (fill this in with your preference, see Benjamin Franklin or Elvis).
              > >>
              > >> Samba3 is from 2003. Samba4 just went stable a few weeks ago.
              > >
              > > Will the wonders of Wikipedia ever cease.
              >
              > It's good for things like "What year did XYZ come out?", especially for
              > something as old as Samba3. I actually thought it was a little older,
              > but I'm probably thinking of the pre-stable releases (I've been using
              > Samba for a long time). For anyone curious about Samba4, there's an
              > Active Directory service in there now. I'm guessing that running all
              > that might be asking a bit much for an Optware device.
              >
              > >>> I've been running 3.6 for some time.
              > >>
              > >> FYI: https://www.samba.org/samba/security/CVE-2012-1182
              > >
              > > For your FYI: http://www.samba.org/samba/history/samba-3.6.4.html
              > >>
              > >> The version I see in Optware, is 3.2.15-5, which would also be
              > >> vulnerable to the above exploit.
              > >>
              > >
              > > Package: samba36
              > > Version: 3.6.10-1
              > > Depends: avahi, popt, readline, zlib, e2fsprogs , openldap-libs , gconv-modules
              > > Conflicts: samba2, samba, samba34,samba35
              > > Suggests: cups
              > > Section: net
              > > Architecture: arm
              > > Maintainer: NSLU2 Linux
              > > MD5Sum: bcbc4bb4e96792bcecab593e15d5cebd
              > > Size: 32587982
              > > Filename: samba36_3.6.10-1_arm.ipk
              > > Source: http://www.samba.org/samba/ftp/stable/samba-3.6.10.tar.gz
              > > Description: Samba suite provides file and print services to SMB/CIFS clients. This is a newer version.
              > >
              > > Thanks again to Brian Zhou.
              > >
              > > Remember kids, "ipkg update" then "ipkg upgrade" or build your own.
              >
              > Actually that wasn't my mistake. I didn't look down the list for
              > "samba36" as opposed to "samba".

              Actually, I just meant that as a public service since you did bring up how important it is to keep up with security updates. I get security bulletins and have to make sure everything is secure.
              >
              > - Ron
              >
            • calguy2123
              Message 6 of 24 , Jan 5, 2013
                I was finally able to mount it via unfs3 + portmap! Though the shares are all readonly in Mac. The same volumes are editable on Pogoplug though...

                pogoplug#mount
                /tmp/.cemnt/sda1 on /tmp/.cemnt/mnt_sda1 type ufsd (rw,nosuid,nodev,noexec,noatime,nls=utf8,uid=0,gid=0,fmask=22,dmask=22,nocase,sparse,force)
                /tmp/.cemnt/sdb1 on /tmp/.cemnt/mnt_sdb1 type ext3 (rw,nosuid,nodev,noexec,noatime,data=ordered)

                mac#showmount -e 192.168.1.5
                Export list for 192.168.1.5:
                /tmp/.cemnt/mnt_sda1 192.168.1.0/24
                /tmp/.cemnt/mnt_sdb1 192.168.1.0/24

                mac#mount
                192.168.1.5:/mnt on /Volumes/mnt (nfs, nodev, nosuid, mounted by as)


                --- In nslu2-general@yahoogroups.com, Anthony Takata wrote:
                >
                > NFS is completely different to Samba, but anything that can be accessed as
                > a directory can be exported in NFS.
                > On Jan 4, 2013 11:09 AM, "calguy2123" wrote:
                >
                > > **
                > >
                > >
                > > I will try it tonight, but do you think Samba3 'will' work.. or is it
                > > still in trial and error stage.
                > >
                > > I see the pogoplug is mount NTFS drive as UFSD and is R/W accessible thru
                > > samba. Would NFS also be able share it?
                > >
                > > thanks!
                > >
                > > --- In nslu2-general@yahoogroups.com, "oddballhero" wrote:
                > > >
                > > > Actually Samba2 has some volume space reporting errors so I usually
                > > suggest installing Samba3.X now. Seems to be working well with my plugs and
                > > slugs. See bottom of http://www.nslu2-linux.org/wiki/Optware/Plugadditionsto upgrade Samba2 to Samba3.
                > > >
                > > > --- In nslu2-general@yahoogroups.com, "kradziwon" wrote:
                > > > >
                > > > > Thanks, oddballhero. After looking around a bit... Looks like MacOS X
                > > 10.8 has little if any support for earlier versions of Samba. Apparently I
                > > upgraded both my servers and my Macs right past a whole load of trouble in
                > > this area so the only advice I can give is to upgrade Samba or use NFS as
                > > an alternative.
                > > > >
                > > > > --- In nslu2-general@yahoogroups.com, "oddballhero" wrote:
                > > > > >
                > > > > > ooops
                > > > > > Here is the link
                > > http://tech.groups.yahoo.com/group/nslu2-general/message/8806
                > > > > > --- In nslu2-general@yahoogroups.com, "oddballhero" wrote:
                > > > > > >
                > > > > > > Kevin, see calguy2123's post with his smb.conf
                > > > > > >
                > > > > > > --- In nslu2-general@yahoogroups.com, Kevin Radziwon wrote:
                > > > > > > >
                > > > > > > > With the requisite software you could certainly use NFS shares
                > > but I can't imagine that it would be too difficult to get Samba working.
                > > How exactly were you mounting the SMB shares in the past? Can you post your
                > > smb.conf?
                > > > > > > >
                > > > > > > >
                > > > > > > >
                > > > > > > >
                > > > > > > > ________________________________
                > > > > > > > From: calguy2123
                > > > > > > > To: nslu2-general@yahoogroups.com
                > > > > > > > Sent: Wednesday, January 2, 2013 7:57 PM
                > > > > > > > Subject: [nslu2-general] Re: samba2 on pogoplug not accessible
                > > from mac
                > > > > > > >
                > > > > > > > I'm not using avahi, just vanilla smb. Is it possible to create
                > > NFS mounts on pogoplug? There is an app called mucommamder which I can use
                > > to browse the samba share, but it's not the same thing as a mounted volume.
                > > > > > > >
                > > > > > > > --- In nslu2-general@yahoogroups.com, Richard Hughes wrote:
                > > > > > > > >
                > > > > > > > > You da man! I forgot the specific port.
                > > > > > > > >
                > > > > > > > > On Wed, Jan 2, 2013 at 10:37 AM, Kevin Radziwon wrote:
                > > > > > > > >
                > > > > > > > > > **
                > > > > > > > > >
                > > > > > > > > >
                > > > > > > > > > If using ZeroConf (Avahi)...
                > > > > > > > > >
                > > > > > > > > > Check /etc/avahi/services/samba.service to make sure port is
                > > set to 445
                > > > > > > > > > (old port was 139).
                > > > > > > > > >
                > > > > > > > > > ________________________________
                > > > > > > > > > From: calguy2123
                > > > > > > > > > To: nslu2-general@yahoogroups.com
                > > > > > > > > > Sent: Tuesday, January 1, 2013 8:35 PM
                > > > > > > > > > Subject: [nslu2-general] samba2 on pogoplug not accessible
                > > from mac
                > > > > > > > > >
                > > > > > > > > >
                > > > > > > > > > I have optware with samba2 installed on pogoplug and the
                > > shares are
                > > > > > > > > > accessible from every where on the network, except mac
                > > (mountain lion).
                > > > > > > > > > When I try to connect, I get a message back that the version
                > > of the server
                > > > > > > > > > is not supported. Any clues/workarounds?
                > > > > > > > > >
                > > > > > > > > > ------------------------------------
                > > > > > > > > >
                > > > > > > > > > Yahoo! Groups Links
                > > > > > > > > >
                > > > > > > > > >
                > > > > > > > > > [Non-text portions of this message have been removed]
                > > > > > > > > >
                > > > > > > > > >
                > > > > > > > > >
                > > > > > > > >
                > > > > > > > >
                > > > > > > > > [Non-text portions of this message have been removed]
                > > > > > > > >
                > > > > > > >
                > > > > > > >
                > > > > > > >
                > > > > > > >
                > > > > > > > ------------------------------------
                > > > > > > >
                > > > > > > > Yahoo! Groups Links
                > > > > > > >
                > > > > > > >
                > > > > > > >
                > > > > > > > [Non-text portions of this message have been removed]
                > > > > > > >
                > > > > > >
                > > > > >
                > > > >
                > > >
                > >
                > >
                > >
                >
                >
                > [Non-text portions of this message have been removed]
                >
              • Anthony Takata
                Message 7 of 24 , Jan 5, 2013
                  Make sure user "ns" has write perms then and the mac mounts it rw.


                  On Sat, Jan 5, 2013 at 9:29 AM, calguy2123 <calguy2123@...> wrote:

                  > **
                  >
                  >
                  > I was finally able to mount it via unfs3 + portmap! Though the shares are
                  > all readonly in Mac. The same volumes are editable on Pogoplug though...
                  >
                  > pogoplug#mount
                  > /tmp/.cemnt/sda1 on /tmp/.cemnt/mnt_sda1 type ufsd
                  > (rw,nosuid,nodev,noexec,noatime,nls=utf8,uid=0,gid=0,fmask=22,dmask=22,nocase,sparse,force)
                  > /tmp/.cemnt/sdb1 on /tmp/.cemnt/mnt_sdb1 type ext3
                  > (rw,nosuid,nodev,noexec,noatime,data=ordered)
                  >
                  > mac#showmount -e 192.168.1.5
                  > Export list for 192.168.1.5:
                  > /tmp/.cemnt/mnt_sda1 192.168.1.0/24
                  > /tmp/.cemnt/mnt_sdb1 192.168.1.0/24
                  >
                  > mac#mount
                  > 192.168.1.5:/mnt on /Volumes/mnt (nfs, nodev, nosuid, mounted by as)
                  >
                  >
                  > --- In nslu2-general@yahoogroups.com, Anthony Takata wrote:
                  > >
                  > > NFS is completely different to Samba, but anything that can be accessed
                  > as
                  > > a directory can be exported in NFS.
                  > > On Jan 4, 2013 11:09 AM, "calguy2123" wrote:
                  > >
                  > > > **
                  >
                  > > >
                  > > >
                  > > > I will try it tonight, but do you think Samba3 'will' work.. or is it
                  > > > still in trial and error stage.
                  > > >
                  > > > I see the pogoplug is mount NTFS drive as UFSD and is R/W accessible
                  > thru
                  > > > samba. Would NFS also be able share it?
                  > > >
                  > > > thanks!
                  > > >
                  > > > --- In nslu2-general@yahoogroups.com, "oddballhero" wrote:
                  > > > >
                  > > > > Actually Samba2 has some volume space reporting errors so I usually
                  > > > suggest installing Samba3.X now. Seems to be working well with my
                  > plugs and
                  > > > slugs. See bottom of
                  > http://www.nslu2-linux.org/wiki/Optware/Plugadditionsto upgrade Samba2 to
                  > Samba3.
                  >
                  > > > >
                  > > > > --- In nslu2-general@yahoogroups.com, "kradziwon" wrote:
                  > > > > >
                  > > > > > Thanks, oddballhero. After looking around a bit... Looks like
                  > MacOS X
                  > > > 10.8 has little if any support for earlier versions of Samba.
                  > Apparently I
                  > > > upgraded both my servers and my Macs right past a whole load of
                  > trouble in
                  > > > this area so the only advice I can give is to upgrade Samba or use NFS
                  > as
                  > > > an alternative.
                  > > > > >
                  > > > > > --- In nslu2-general@yahoogroups.com, "oddballhero" wrote:
                  > > > > > >
                  > > > > > > ooops
                  > > > > > > Here is the link
                  > > > http://tech.groups.yahoo.com/group/nslu2-general/message/8806
                  > > > > > > --- In nslu2-general@yahoogroups.com, "oddballhero" wrote:
                  > > > > > > >
                  > > > > > > > Kevin, see calguy2123's post with his smb.conf
                  > > > > > > >
                  > > > > > > > --- In nslu2-general@yahoogroups.com, Kevin Radziwon wrote:
                  > > > > > > > >
                  > > > > > > > > With the requisite software you could certainly use NFS
                  > shares
                  > > > but I can't imagine that it would be too difficult to get Samba
                  > working.
                  > > > How exactly were you mounting the SMB shares in the past? Can you post
                  > your
                  > > > smb.conf?
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > > ________________________________
                  > > > > > > > > From: calguy2123
                  > > > > > > > > To: nslu2-general@yahoogroups.com
                  > > > > > > > > Sent: Wednesday, January 2, 2013 7:57 PM
                  > > > > > > > > Subject: [nslu2-general] Re: samba2 on pogoplug not
                  > accessible
                  > > > from mac
                  > > > > > > > >
                  > > > > > > > > I'm not using avahi, just vanilla smb. Is it possible to
                  > create
                  > > > NFS mounts on pogoplug? There is an app called mucommamder which I can
                  > use
                  > > > to browse the samba share, but it's not the same thing as a mounted
                  > volume.
                  > > > > > > > >
                  > > > > > > > > --- In nslu2-general@yahoogroups.com, Richard Hughes wrote:
                  > > > > > > > > >
                  > > > > > > > > > You da man! I forgot the specific port.
                  > > > > > > > > >
                  > > > > > > > > > On Wed, Jan 2, 2013 at 10:37 AM, Kevin Radziwon wrote:
                  > > > > > > > > >
                  > > > > > > > > > > **
                  > > > > > > > > > >
                  > > > > > > > > > >
                  > > > > > > > > > > If using ZeroConf (Avahi)...
                  > > > > > > > > > >
                  > > > > > > > > > > Check /etc/avahi/services/samba.service to make sure
                  > port is
                  > > > set to 445
                  > > > > > > > > > > (old port was 139).
                  > > > > > > > > > >
                  > > > > > > > > > > ________________________________
                  > > > > > > > > > > From: calguy2123
                  > > > > > > > > > > To: nslu2-general@yahoogroups.com
                  > > > > > > > > > > Sent: Tuesday, January 1, 2013 8:35 PM
                  > > > > > > > > > > Subject: [nslu2-general] samba2 on pogoplug not
                  > accessible
                  > > > from mac
                  > > > > > > > > > >
                  > > > > > > > > > >
                  > > > > > > > > > > I have optware with samba2 installed on pogoplug and the
                  > > > shares are
                  > > > > > > > > > > accessible from every where on the network, except mac
                  > > > (mountain lion).
                  > > > > > > > > > > When I try to connect, I get a message back that the
                  > version
                  > > > of the server
                  > > > > > > > > > > is not supported. Any clues/workarounds?
                  > > > > > > > > > >
                  > > > > > > > > > > ------------------------------------
                  > > > > > > > > > >
                  > > > > > > > > > > Yahoo! Groups Links
                  > > > > > > > > > >
                  > > > > > > > > > >
                  > > > > > > > > > > [Non-text portions of this message have been removed]
                  > > > > > > > > > >
                  > > > > > > > > > >
                  > > > > > > > > > >
                  > > > > > > > > >
                  > > > > > > > > >
                  > > > > > > > > > [Non-text portions of this message have been removed]
                  > > > > > > > > >
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > > ------------------------------------
                  > > > > > > > >
                  > > > > > > > > Yahoo! Groups Links
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > >
                  > > > > > > > > [Non-text portions of this message have been removed]
                  > > > > > > > >
                  > > > > > > >
                  > > > > > >
                  > > > > >
                  > > > >
                  > > >
                  > > >
                  > > >
                  > >
                  > >
                  > > [Non-text portions of this message have been removed]
                  > >
                  >
                  >
                  >

