NetApp Knowledge Base

CIFS NULL session permitted against SVM data connections in clustered Data ONTAP

Category: clustered-data-ontap-8
Specialty: cifs

Applies to

  • Product Model: V3250
  • OS: Clustered Data ONTAP 8.2P4 (Any version of clustered Data ONTAP prior to 8.2.2RC1)

Issue

CIFS NULL session permitted against Storage Virtual Machine (SVM) data connections in clustered Data ONTAP.

For more information, see the following links:

NULL sessions allow anonymous users to establish unauthenticated CIFS sessions with Windows or third-party CIFS implementations such as Samba or the Solaris CIFS Server. These anonymous users might be able to enumerate local users, groups, servers, shares, domains, and domain policies, and might be able to access various MSRPC services through RPC function calls. These services have historically been affected by numerous vulnerabilities. The wealth of information available to attackers through NULL sessions might also allow them to carry out more sophisticated attacks.
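For monitoring, a NULL session can be recognized from the NTLMSSP AUTHENTICATE token carried in the CIFS session setup. The following is an added example, not NetApp code: it assumes the raw NTLMSSP token has already been extracted from a capture, the function names are hypothetical, and the sample tokens are constructed.

```python
import struct

NTLMSSP_SIG = b"NTLMSSP\x00"
AUTHENTICATE = 3  # NTLMSSP MessageType of the final client message

def _field(msg: bytes, off: int) -> bytes:
    """Resolve a (Len, MaxLen, BufferOffset) descriptor to its payload bytes."""
    length, _maxlen, buf_off = struct.unpack_from("<HHI", msg, off)
    if buf_off + length > len(msg):
        raise ValueError("field points outside the message")
    return msg[buf_off:buf_off + length]

def is_null_session(msg: bytes) -> bool:
    """True when an AUTHENTICATE token carries no credentials at all.

    Rule applied: empty user name, empty NT response, and an LM response
    that is either empty or a single zero byte.
    """
    if len(msg) < 52 or msg[:8] != NTLMSSP_SIG:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", msg, 8)
    if msg_type != AUTHENTICATE:
        raise ValueError("not an AUTHENTICATE message")
    lm = _field(msg, 12)    # LmChallengeResponseFields
    nt = _field(msg, 20)    # NtChallengeResponseFields
    user = _field(msg, 36)  # UserNameFields
    return not user and not nt and lm in (b"", b"\x00")

def build_sample(user: bytes, nt: bytes, lm: bytes) -> bytes:
    """Constructed AUTHENTICATE token for the demo (no Version or MIC)."""
    # Order: LM, NT, domain, user, workstation, session key
    parts = [lm, nt, b"", user, b"", b""]
    off, desc, payload = 64, b"", b""
    for p in parts:
        desc += struct.pack("<HHI", len(p), len(p), off)
        payload += p
        off += len(p)
    flags = struct.pack("<I", 0)
    return NTLMSSP_SIG + struct.pack("<I", AUTHENTICATE) + desc + flags + payload

if __name__ == "__main__":
    anon = build_sample(b"", b"", b"\x00")
    named = build_sample("alice".encode("utf-16-le"), b"\x11" * 24, b"\x22" * 24)
    for label, token in (("anonymous", anon), ("named user", named)):
        print(label, "-> NULL session:", is_null_session(token))
```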
