[Samba] New version Samba matrix
Jonathan Buzzard
jonathan at buzzard.me.uk
Fri Jan 4 05:33:02 MST 2013
On 26/12/12 15:18, Novosielski, Ryan wrote:
> RHEL 3 I believe reached end of support (by RedHat, not Samba) in
> 2010. I believe RHEL 4 has since reached end of support as well. So
> unless the client is paying for RedHat extended life-cycle service or
> is off the network (unlikely he wants to interface with Samba), he
> should be off of that platform ASAP because he's no longer receiving
> any security patches.
>
It's worse than that. If I am not mistaken his RHEL3 box has a remote
root vulnerability courtesy of the Samba PIDL security hole from April
last year. Even the extended life-cycle service won't help because it
has a restricted list of services you can run which does not include Samba.
If there is genuinely an Oracle application that cannot be run in
anything later than RHEL3, then it needs to be run in a VM of some
description running nothing else apart from this and firewalled as
tightly as possible.
Anything else including the Samba stuff should be running in separate
VMs or different hardware. Running either RHEL4 or RHEL3 based
distributions for services other than what is absolutely necessary is crazy
stupid; and IMHO a sacking offence.
JAB.
--
Jonathan A. Buzzard Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.