NetApp Knowledge Base

CIFS NULL session permitted against SVM data connections in clustered Data ONTAP

Category: clustered-data-ontap-8
Specialty: nas

Applies to

  • Product Model: V3250
  • OS: Clustered Data ONTAP 8.2P4 (Any version of clustered Data ONTAP prior to 8.2.2RC1)

Issue

CIFS NULL session permitted against Storage Virtual Machine (SVM) data connections in clustered Data ONTAP.

For more information, see the following links:

NULL sessions allow anonymous users to establish unauthenticated CIFS sessions with Windows or third-party CIFS implementations such as Samba or the Solaris CIFS Server. These anonymous users might be able to enumerate local users, groups, servers, shares, domains, and domain policies, and might be able to access various MSRPC services through RPC function calls. These services have historically been affected by numerous vulnerabilities. The wealth of information available to attackers through NULL sessions might also allow them to carry out more sophisticated attacks.

 
