Skip navigation

Major Security Issue: I can see my entire Mountain Lion Server HD from Windows 7 Client!!

217 Views 2 Replies Latest reply: Feb 4, 2013 7:15 AM by cseshag RSS
cseshag Calculating status...
Currently Being Moderated
Feb 3, 2013 1:23 PM

I am working on setting up an OS X Server from home use - primarily for serving media, etc.

 

The household has mostly become a Mac household (which is why I decided try transitioning the server from Windows Home Server to OS X Server), but we do have a couple of Windows machines left, including some Windows VMs I use for development purposes.

 

Anyway, I started slowly in setting up the Server, and I've just started to test the File Sharing service. I left the default folders that OS X Server starts with for now. Aside from that, I setup two folders - one for Home Folders for network users, and one for general sharing to test the setup.

 

I logged into a Win 7 virtual machine and went to the Network for starters, just to see if Windows would see the Server on the network. Sure enough, the server was listed in the network computers. However, when I opened up the Server computer, it listed all the shares as well as the two hard drives I have installed in the Server machine (one SSD for the OS and a second RAID 1 for all the data/media)!!

 

I was really surprised by this seemingly huge security issue. I am able to see the entire directory structure of the Boot Hard Drive. As an example, I can go into the Applications folder and copy files directly from the Applications folder to the local machine. Interestingly, it blocks me from accessing the User folders for the local users of the Server machine. I am even able to write to the Applications folder. And, it's important to note that I never even had to put in any credentials.

 

Has anyone else encountered this problem?? I have tried to find something like this online, but most of what I run into is the exact opposite - people who are unable to access their shared folders.

 

I would greatly appreciate ANY assistance. If it helps, I am running Mountain Lion (10.8.2) with Server v2.2. The VM I tested the sharing from is running Windows 7 Enterprise under VMWare Fusion.

 

Thanks!

 

Chandran

Mac Pro, OS X Mountain Lion (10.8.2)

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.