X

Samba bug acknowledged by Apple, fix coming

Samba bug acknowledged by Apple, fix coming

CNET staff
2 min read

A security bug in Apple's implementation of Samba - which was first discovered here on MacFixIt in mid-February - has been officially recognized, and a solution is on its way.

The process to exploit the bug is as follows:

  1. Create or make sure you have at least two users that can "log in from Windows" (configured in the "Accounts" Preference Pane of System Preferences). One should be a general user ("jane" in this example), the other an administrator ("karen" in this example).
  2. Turn on "Windows File Sharing" in the "Sharing" Preference Pane of System Preferences, if it is not already on.
  3. Note the address to access jane's home folder, which is specifically mentioned in the Sharing Preference Pane. This will be in the format hostnamejane where "hostname" is the currently assigned hostname or IP address.
  4. On a Windows XP machine (with network access to the Mac, of course), open a new Explorer window.
  5. In the address bar or location field (I'm not sure the correct term to use), type the address noted in step 3: hostnamejane. A dialog box will open, asking for the username and password. Enter "jane", and her user password.
  6. Verify that you can navigate through jane's home folder.
  7. In the address bar, type the address noted in step 3, replacing the username with that of the administrator configured in step 1: hostnamekaren.

The result is that a username and password dialog box is not displayed. Access to "karen's" (in this example, an administrator) files are granted to the Windows XP machine.

Watch for more information as soon as Apple's fix is released.

Resources

  • first discovered
  • More from Late-Breakers