[Samba] Samba and MS15-011?
Jeremy Allison
jra at samba.org
Mon Feb 16 18:28:56 MST 2015
On Mon, Feb 16, 2015 at 05:40:51PM +0100, Sven Schwedas wrote:
> cf. https://support.microsoft.com/kb/3000483
>
> Seeing how this seems to affect both client and server side, is it
> possible (and safe) to enable Mutual Authentication and Integrity as
> explained in the KB entry?
As far as I've been able to determine (and right
now the details of this are not clear) this is a
change in client, not server code.
Also Microsoft did not give us any security warning
to us that Samba was vulnerable to this (which
they have been so kind to do in the past for
other vulernabilities), so I'm currently assuming
this doesn't affect Samba servers - until I learn
more.
If we hear any different (or more details make
things clear that we are affected) we'll update
the lists as soon as we know anything.
Cheers,
Jeremy.
More information about the samba
mailing list