Shashi Kanth Boddula
2018-Apr-26 07:11 UTC
[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
Hi Volker,

I am not finding anywhere the Samba 4.X RPMs for RHEL 5.X platform. Please share if you know any place from where I can download. I am afraid to build from source code.

On Thu, Apr 26, 2018 at 11:01 AM, Volker Lendecke <Volker.Lendecke at sernet.de> wrote:

> On Thu, Apr 26, 2018 at 04:21:39AM +0530, Shashi Kanth Boddula wrote:
> > Reaching to Red Hat is not the option for me right now, could you please
> > tell me are there any configuration parameters in smb.conf which will avoid
> > issuing NULL or Anonymous connections or sessions.
>
> Your only real option is to upgrade to a supported version. I'm sure
> with Samba 4.8 you won't have a problem anymore. If you still
> experience difficulties with 4.8 (or 4.6/4.7), I'm sure you will find
> more help here.
>
> With best regards,
>
> Volker Lendecke
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9
> AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
> http://www.sernet.de, mailto:kontakt at sernet.de

--
Thanks & Regards,
Shashi Kanth
9886455567
Rowland Penny
2018-Apr-26 08:23 UTC
[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
On Thu, 26 Apr 2018 12:41:24 +0530 Shashi Kanth Boddula via samba <samba at lists.samba.org> wrote:

> Hi Volker,
>
> I am not finding anywhere the Samba 4.X RPMs for RHEL 5.X platform.
> Please share if you know any place from where I can download. I am
> afraid to build from source code.

Why can you not contact Red Hat for help? Do you not have a support contract?

As Volker has pointed out, the 3.5 series is well out of Samba support and the only possible way to fix your problem is to upgrade Samba.

The only problem is, I am not sure you will be able to build the latest Samba code on RHEL 5.8; it is highly likely that some of the required package versions will not be available.

I think that you need to not only upgrade Samba, you need to upgrade your OS. If you don't have a contract with Red Hat, you could use CentOS or Scientific Linux instead.

Rowland
Shashi Kanth Boddula
2018-Apr-26 08:55 UTC
[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10
Hello Rowland,

I do not have a support contract with Red Hat, and due to some application dependency I have to be on 5.8. No choice for me to upgrade the OS.

I have the choice to upgrade Samba from 3.5 to 3.6.6 through RPMs, but I am not really sure whether it solves my core issue.

Coming back to my original query, "CIFS Null Session vulnerability", I would just like to understand whether there are any smb3.conf parameters which can help me here, or whether this is a known issue which is not implemented in the complete 3.X versions, or whether only 4.X versions can solve this issue. Please let me know.

On Thu, Apr 26, 2018 at 1:53 PM, Rowland Penny via samba <samba at lists.samba.org> wrote:

> On Thu, 26 Apr 2018 12:41:24 +0530
> Shashi Kanth Boddula via samba <samba at lists.samba.org> wrote:
>
> > Hi Volker,
> >
> > I am not finding anywhere the Samba 4.X RPMs for RHEL 5.X platform.
> > Please share if you know any place from where I can download. I am
> > afraid to build from source code.
>
> Why can you not contact Red Hat for help? Do you not have a support
> contract?
>
> As Volker has pointed out, the 3.5 series is well out of Samba support
> and the only possible way to fix your problem is to upgrade Samba.
>
> The only problem is, I am not sure you will be able to build the
> latest Samba code on RHEL 5.8; it is highly likely that some of the
> required package versions will not be available.
>
> I think that you need to not only upgrade Samba, you need to upgrade
> your OS. If you don't have a contract with Red Hat, you could use
> CentOS or Scientific Linux instead.
>
> Rowland

--
Thanks & Regards,
Shashi Kanth
9886455567