Can anyone explain this vulnerability in more detail "Service Enum Through SMB ServiceEnum2"


Not applicable

I am trying to find more detail on what this vulnerability is and what could possibly be triggering it in a Windows Server environment.  I am thinking that it might be a mis-configured service or application native to Windows Server but looking for a system expert to confirm or deny that theory.

When I look it up in the Threat Vault all it says is the following (which is far from helpful):

Service Enum Through SMB ServiceEnum2

Overview

Attack Name: Service Enum Through SMB ServiceEnum2
Description: Remote Enum Service Through SMB By ServiceEnum2 function number
Threat ID: 30867
References: https://threatvault.paloaltonetworks.com/Home/ThreatDetail/30867
Severity: informational
Category: info-leak

Accepted Solutions

L6 Presenter

Someone or something tried to list which users are logged in to your server by using the SMB ServiceEnum2 function.

This is classified as informational, so it's in most cases nothing bad.

But it can be worth investigating which IP addresses perform these lookups and perhaps whitelist those and then trigger an alert if someone else other than these source IPs performs such enumeration (for example an intruder).

For more information (similar stuff):

http://nmap.org/nsedoc/scripts/smb-enum-users.html

- SMB enum services over \srvsvc infos SecuObs - L'observatoire de la sécurite internet - Si...
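
Added example (not part of the original thread and not Palo Alto Networks code): one way to implement the allowlist-then-alert triage suggested in the accepted answer, run over threat log records for Threat ID 30867. The CSV column names, the sample records and the allowlisted networks are constructed assumptions, not a vendor log format.

```python
import csv
import io
import ipaddress
from collections import Counter

THREAT_ID = "30867"  # Threat ID quoted in the Threat Vault entry above

# Assumed allowlist: hosts expected to enumerate services (constructed values).
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in ("10.0.5.10/32", "10.0.9.0/28")]

# Constructed sample export; the column names are illustrative, not a vendor log format.
SAMPLE_LOG = """time,src,dst,threat_id,threat_name
2024-01-10T08:00:01,10.0.5.10,10.0.1.20,30867,Service Enum Through SMB ServiceEnum2
2024-01-10T08:00:07,10.0.9.4,10.0.1.21,30867,Service Enum Through SMB ServiceEnum2
2024-01-10T08:03:12,10.0.7.55,10.0.1.20,30867,Service Enum Through SMB ServiceEnum2
2024-01-10T08:03:13,10.0.7.55,10.0.1.21,30867,Service Enum Through SMB ServiceEnum2
2024-01-10T08:04:00,10.0.7.55,10.0.1.20,99999,Constructed unrelated event
2024-01-10T08:05:44,not-an-ip,10.0.1.22,30867,Service Enum Through SMB ServiceEnum2
"""

def is_allowed(src):
    """True only if src parses as an IP inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(src.strip())
    except ValueError:
        return False  # an unparseable source is never treated as trusted
    return any(addr in net for net in ALLOWED_SOURCES)

def unexpected_enumerators(log_text):
    """Return {source: {"hits": n, "targets": sorted servers}} for sources
    that triggered THREAT_ID without being on the allowlist."""
    hits, targets = Counter(), {}
    for row in csv.DictReader(io.StringIO(log_text)):
        if row["threat_id"] != THREAT_ID or is_allowed(row["src"]):
            continue
        hits[row["src"]] += 1
        targets.setdefault(row["src"], set()).add(row["dst"])
    return {s: {"hits": n, "targets": sorted(targets[s])} for s, n in hits.items()}

if __name__ == "__main__":
    for src, info in unexpected_enumerators(SAMPLE_LOG).items():
        print(f"ALERT {src}: {info['hits']} hits against {info['targets']}")
```

Grouping by source and listing the distinct servers touched separates a single expected management host from a source sweeping several servers.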

