[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10

Shashi Kanth Boddula shashi.bsd at gmail.com
Thu Apr 26 08:55:52 UTC 2018

Hello Rowland,

I do not have support contract with RedHat, and due to some application
dependency i have to be on 5.8. No choice for me to upgrade the OS. I have
choice to upgrade Samba from 3.5 to 3.6.6 through RPMs, but i am not really
sure whether it solves my core issue.
Coming back to my original query " CIFS Null Session  vulnerability ", just
i would like to understand whether any smb3.conf parameters which can help
me here, or this is something a known issue which is not implemented in
complete 3.X versions, or only 4.X versions can solve this issue. Please
let me know.

On Thu, Apr 26, 2018 at 1:53 PM, Rowland Penny via samba <
samba at lists.samba.org> wrote:

> On Thu, 26 Apr 2018 12:41:24 +0530
> Shashi Kanth Boddula via samba <samba at lists.samba.org> wrote:
> >  Hi Volker,
> >
> > I am not finding anywhere the Samba 4.X RPMs for RHEL 5.X platform.
> > Please share if you know any place from where i can download. I am
> > afraid to build from source code.
> >
> Why can you not contact red hat for help ? do you not have a support
> contract ?
> As Volker has pointed out, the 3.5 series is well out of Samba support
> and the only possible way to fix your problem is to upgrade Samba.
> The only problem is, I am not sure you will be able to build the
> latest Samba code on RHEL 5.8, it is highly likely that some of the
> required package versions will not be available.
> I think that you need to not only upgrade Samba, you need to upgrade
> your OS. If you don't have a contract with red hat, you could use
> Centos or Scientific Linux instead.
> Rowland
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba

Thanks & Regards,
Shashi Kanth

More information about the samba mailing list