Michael Wandel
2020-Sep-19 12:42 UTC
[Samba] zerologon affect standalone smb server or not
Hello ML, are there information about the CVE-2020-1472 , whether this bug also infects samba Server without DC configuration (standalone smb Server) ? I'll did not find any information in the short time and can not decide if this systems are affected. Can you please help me, to clear my clouded brain. best regards Michael
On 19/09/2020 13:42, Michael Wandel via samba wrote:> Hello ML, > > are there information about the CVE-2020-1472 , whether this bug also infects samba Server without DC configuration (standalone smb Server) ? > > I'll did not find any information in the short time and can not decide if this systems are affected. > > Can you please help me, to clear my clouded brain. > > best regards > Michael > >If you read the release notes for the latest versions, posted here yesterday and available here: https://www.samba.org/samba/history/samba-4.12.7.html It states quite categorically that it only applies to Domain Controllers, so standalone servers and Unix domain members are not affected. Rowland
On 19/09/2020 14:00, Rowland penny via samba wrote:> > On 19/09/2020 13:42, Michael Wandel via samba wrote: >> Hello ML, >> >> are there information about the CVE-2020-1472 , whether this bug also >> infects samba Server without DC configuration (standalone smb Server) ? >> >> I'll did not find any information in the short time and can not decide >> if this systems are affected. >> >> Can you please help me, to clear my clouded brain. >> >> best regards >> Michael >> >> > If you read the release notes for the latest versions, posted here > yesterday and available here: > > https://www.samba.org/samba/history/samba-4.12.7.html > > It states quite categorically that it only applies to Domain > Controllers, so standalone servers and Unix domain members are not > affected. > > Rowland >@Rowland, Are you sure? The history notes say "(see "file servers and domain members" below) but there is no such section. You need to follow the link to https://www.samba.org/samba/security/CVE-2020-1472.html to find the information
Michael Wandel
2020-Sep-19 13:09 UTC
[Samba] zerologon affect standalone smb server or not
Thank you> Gesendet: Samstag, 19. September 2020 um 15:00 Uhr > Von: "Rowland penny via samba" <samba at lists.samba.org> > An: samba at lists.samba.org > Betreff: Re: [Samba] zerologon affect standalone smb server or not > > On 19/09/2020 13:42, Michael Wandel via samba wrote: > > Hello ML, > > > > are there information about the CVE-2020-1472 , whether this bug also infects samba Server without DC configuration (standalone smb Server) ? > > > > I'll did not find any information in the short time and can not decide if this systems are affected. > > > > Can you please help me, to clear my clouded brain. > > > > best regards > > Michael > > > > > If you read the release notes for the latest versions, posted here > yesterday and available here: > > https://www.samba.org/samba/history/samba-4.12.7.html >Thanks Rowland , that was the missing link.> It states quite categorically that it only applies to Domain > Controllers, so standalone servers and Unix domain members are not affected. > > Rowland > > > > -- > To unsubscribe from this list go to the following URL and read the > instructions: https://lists.samba.org/mailman/options/samba >