[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10

Harry Jede walk2sun at arcor.de
Thu Apr 26 09:32:37 UTC 2018

Am Donnerstag, 26. April 2018, 14:25:52 CEST schrieb Shashi Kanth 
Boddula via samba:
> Hello Rowland,
> I do not have support contract with RedHat, and due to some
> application dependency i have to be on 5.8. No choice for me to
> upgrade the OS. I have choice to upgrade Samba from 3.5 to 3.6.6
> through RPMs, but i am not really sure whether it solves my core
> issue.
> Coming back to my original query " CIFS Null Session  vulnerability ",
> just i would like to understand whether any smb3.conf parameters
> which can help me here, or this is something a known issue which is
> not implemented in complete 3.X versions, or only 4.X versions can
> solve this issue. Please let me know.
Hi Shashi,
I am just a samba user not a developer. Your antique redhat version has 
support for kvm. So you may install a rpm based distri i.e. centos or fedora 
in a vm. Before you decide which os you install check for the avaiability of 
samba 4.7.7 or 4.8.1 package.

kvm based vm can operate with near native speed of the underlying 


	Harry Jede

More information about the samba mailing list