Hello, does anyone know or able to confirm if Samba CVE-2017-7494 affects Samba 3.6.25 on Freebsd 9.x? https://lists.samba.org/archive/samba-announce/2017/000406.html dg
Hi, you could try this nmap script: https://gist.github.com/wongwaituck/62c863ba7aa28a2d22d0fe9cbe14a18b However, it does not check if the service is indeed attackable but it could be a good first hint. At the moment I does not have a FreeBSD 9 to test it, though. Best, Karsten On 29.05.2017 18:53, Darko Gavrilovic wrote:> Hello, does anyone know or able to confirm if Samba CVE-2017-7494 > affects Samba 3.6.25 on Freebsd 9.x? > > https://lists.samba.org/archive/samba-announce/2017/000406.html > > > > dg > _______________________________________________ > freebsd-security at freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe at freebsd.org" >
On 29 May 2017, at 18:53, Darko Gavrilovic <d.gavrilovic at gmail.com> wrote:> > Hello, does anyone know or able to confirm if Samba CVE-2017-7494 > affects Samba 3.6.25 on Freebsd 9.x? > > https://lists.samba.org/archive/samba-announce/2017/000406.htmlThe advisory very clearly says "all versions of Samba from 3.5.0 onwards", so yes. In addition, the 3.x series is dead, and completely unsupported. It is probably wise to upgrade, for example to 4.6.4. -Dimitry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 194 bytes Desc: Message signed with OpenPGP URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170529/320f1213/attachment.sig>