Shashi Kanth Boddula
2018-Apr-25 22:51 UTC
[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
Hi Volker, Reaching to RedHat is not the option for me right now, could you please tell me are there any configuration parameters in smb.conf which will avoid issuing NULL or Anonymous connections or sessions. On Thu, Apr 26, 2018 at 12:49 AM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:> On Wed, Apr 25, 2018 at 11:12:07PM +0530, Shashi Kanth Boddula via samba > wrote: > > I have Samba server 3.5.10 running on RHEL 5.8 platform and it has joined > > You should contact RedHat support for this. Upstream Samba 3.5 has > been out of support since Oct 11, 2013. > > Regards, Volker > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-370000-0, fax: +49-551-370000-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > http://www.sernet.de, mailto:kontakt at sernet.de >-- Thanks & Regards, Shashi Kanth 9886455567
Volker Lendecke
2018-Apr-26 05:31 UTC
[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
On Thu, Apr 26, 2018 at 04:21:39AM +0530, Shashi Kanth Boddula wrote:> Reaching to RedHat is not the option for me right now, could you please > tell me are there any configuration parameters in smb.conf which will avoid > issuing NULL or Anonymous connections or sessions.Your only real option is to upgrade to a supported version. I'm sure with Samba 4.8 you won't have a problem anymore. If you still experience difficulties with 4.8 (or 4.6/4.7), I'm sure you will find more help here. With best regards, Volker Lendecke -- SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen http://www.sernet.de, mailto:kontakt at sernet.de
Shashi Kanth Boddula
2018-Apr-26 07:11 UTC
[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
Hi Volker, I am not finding anywhere the Samba 4.X RPMs for RHEL 5.X platform. Please share if you know any place from where i can download. I am afraid to build from source code. On Thu, Apr 26, 2018 at 11:01 AM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:> On Thu, Apr 26, 2018 at 04:21:39AM +0530, Shashi Kanth Boddula wrote: > > Reaching to RedHat is not the option for me right now, could you please > > tell me are there any configuration parameters in smb.conf which will > avoid > > issuing NULL or Anonymous connections or sessions. > > Your only real option is to upgrade to a supported version. I'm sure > with Samba 4.8 you won't have a problem anymore. If you still > experience difficulties with 4.8 (or 4.6/4.7), I'm sure you will find > more help here. > > With best regards, > > Volker Lendecke > > -- > SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen > phone: +49-551-370000-0, fax: +49-551-370000-9 > AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen > http://www.sernet.de, mailto:kontakt at sernet.de >-- Thanks & Regards, Shashi Kanth 9886455567