CVE
- Id
- 517
- CVE No.
- CVE-1999-0520
- Status
- Candidate
- Description
- A system-critical NETBIOS/SMB share has inappropriate access control.
- Phase
- Proposed (19990803)
- Votes
- ACCEPT(1) Wall | MODIFY(1) Frech | NOOP(1) Baker | RECAST(1) Northcutt | REJECT(1) LeBlanc | REVIEWING(1) Christey
- Comments
- Northcutt> I think we need to enumerate the shares and or the access control | Christey> One question is, what is "inappropriate"? It"s probably | very dependent on the policy of the enterprise on which | this is found. And should writable shares be different | from readable shares? (Or file systems, mail spools, etc.) | Yes, the impact may be different, but we could have a | large number of entries for each possible type of access. | A content decision (CD:CF-DATA) needs to be reviewed | and accepted by the Editorial Board in order to resolve | this question. | LeBlanc> Unacceptably vague - agree with Christey"s comments. | Frech> associated to: | XF:nt-netbios-everyoneaccess(1) | XF:nt-netbios-guestaccess(2) | XF:nt-netbios-allaccess(3) | XF:nt-netbios-open(15) | XF:nt-netbios-write(19) | XF:nt-netbios-shareguest(20) | XF:nt-writable-netbios(26) | XF:nb-rootshare(393) | XF:decod-smb-password-empty(2358)
