[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10

Rowland Penny rpenny at samba.org
Thu Apr 26 09:13:06 UTC 2018

On Thu, 26 Apr 2018 14:25:52 +0530
Shashi Kanth Boddula <shashi.bsd at gmail.com> wrote:

> Hello Rowland,
> I do not have support contract with RedHat, and due to some
> application dependency i have to be on 5.8. No choice for me to
> upgrade the OS. I have choice to upgrade Samba from 3.5 to 3.6.6
> through RPMs, but i am not really sure whether it solves my core
> issue.

If you can upgrade to 3.6.6 then this may help. However, the 3.6 series
is also EOL as far as Samba is concerned, so if it doesn't help, then
your only option is to upgrade to a Samba supported version and this
will undoubtedly mean upgrading your OS.
> Coming back to my original query " CIFS Null Session
> vulnerability ", just i would like to understand whether any
> smb3.conf parameters which can help me here, or this is something a
> known issue which is not implemented in complete 3.X versions, or
> only 4.X versions can solve this issue. Please let me know.

Your problem is that windows needs something that your very old
version of Samba cannot supply and I don't think that any amount of
tinkering with smb.conf is going to help, you need to upgrade Samba.


More information about the samba mailing list