[Samba] CIFS Null Session Vulnerability Fix in Samba 3.5.10

Jurie Botha jurieb at gmail.com
Fri May 4 11:30:19 UTC 2018


Is moving the SAMBA server to a different machine an option?

You need to keep RHEL 5.8 for software, but perhaps you could set up a
separate SAMBA server on another machine running an up-to-date version of
CentOS, Debian etc. with SAMBA 4.8?

Just a suggestion that could solve your issue.

If your app is dependent on the SAMBA share, you could always mount the share
at the appropriate location on the RHEL server on boot via fstab. It's not
ideal and perhaps a bit messy but could work.

Hope this helps.

On 26 April 2018 at 10:55, Shashi Kanth Boddula via samba <
samba at lists.samba.org> wrote:

> Hello Rowland,
>
> I do not have a support contract with Red Hat, and due to some application
> dependency I have to be on 5.8. I have no choice to upgrade the OS. I have
> the choice to upgrade Samba from 3.5 to 3.6.6 through RPMs, but I am not really
> sure whether it solves my core issue.
> Coming back to my original query, "CIFS Null Session vulnerability", I would
> just like to understand whether there are any smb3.conf parameters which can
> help me here, or whether this is a known issue which is not implemented in
> the complete 3.X versions, or whether only 4.X versions can solve this issue.
> Please let me know.
>
> On Thu, Apr 26, 2018 at 1:53 PM, Rowland Penny via samba <
> samba at lists.samba.org> wrote:
>
> > On Thu, 26 Apr 2018 12:41:24 +0530
> > Shashi Kanth Boddula via samba <samba at lists.samba.org> wrote:
> >
> > > Hi Volker,
> > >
> > > I am not finding the Samba 4.X RPMs for the RHEL 5.X platform anywhere.
> > > Please share if you know any place from where I can download them. I am
> > > afraid to build from source code.
> > >
> >
> > Why can you not contact Red Hat for help? Do you not have a support
> > contract?
> >
> > As Volker has pointed out, the 3.5 series is well out of Samba support
> > and the only possible way to fix your problem is to upgrade Samba.
> >
> > The only problem is, I am not sure you will be able to build the
> > latest Samba code on RHEL 5.8, it is highly likely that some of the
> > required package versions will not be available.
> >
> > I think that you need to not only upgrade Samba, you need to upgrade
> > your OS. If you don't have a contract with Red Hat, you could use
> > CentOS or Scientific Linux instead.
> >
> > Rowland
> >
> >
> >
> > --
> > To unsubscribe from this list go to the following URL and read the
> > instructions:  https://lists.samba.org/mailman/options/samba
> >
>
>
>
> --
> Thanks & Regards,
> Shashi Kanth
> 9886455567
>



-- 
Thanks & Regards
Jurie Botha


"All that is required for evil to prevail is for good men to do nothing."
--  Edmund Burke

“Of course we must fear evil men, but there is another evil that we must
fear more… and that is the indifference of good men.” -- Monsignor
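
Added example, not part of the original message or of the Samba project: if the share is moved to a newer server and mounted back on the RHEL host via fstab as suggested above, the client-side entry should not itself connect anonymously or expose a password. This sketch audits fstab text for cifs entries that use the real mount.cifs options `guest`, `sec=none` or an inline `password=`/`pass=`; the host, share names, paths and sample lines are constructed placeholders.

```python
# Added example: flag cifs entries in fstab that mount anonymously or expose a password.
# SAMPLE_FSTAB is constructed; host, share names and paths are placeholders.
SAMPLE_FSTAB = """\
# constructed sample, not taken from the thread
/dev/sda1 / ext3 defaults 1 1
//fileserver.example/appdata /opt/app/data cifs credentials=/etc/samba/app.cred,ro 0 0
//fileserver.example/public /mnt/public cifs guest,ro 0 0
//fileserver.example/legacy /mnt/legacy cifs username=app,password=EXAMPLE-ONLY,sec=none 0 0
"""


def parse_options(field):
    """Turn 'a,b=c' from the fourth fstab field into {'a': '', 'b': 'c'}."""
    opts = {}
    for item in field.split(","):
        key, _, value = item.partition("=")
        if key.strip():
            opts[key.strip().lower()] = value.strip()
    return opts


def audit_cifs_mounts(fstab_text):
    """Return (mount_point, issue) pairs for risky cifs entries."""
    findings = []
    for raw in fstab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2].lower() != "cifs":
            continue
        mount_point, opts = fields[1], parse_options(fields[3])
        # 'guest' mounts without a password; the client connects anonymously.
        if "guest" in opts:
            findings.append((mount_point, "guest"))
        # 'sec=none' asks mount.cifs to connect as a null user.
        if opts.get("sec", "").lower() == "none":
            findings.append((mount_point, "sec-none"))
        # /etc/fstab is normally world-readable, so an inline password leaks;
        # a root-only file named by credentials= avoids that.
        if "password" in opts or "pass" in opts:
            findings.append((mount_point, "inline-password"))
    return findings


if __name__ == "__main__":
    for mount_point, issue in audit_cifs_mounts(SAMPLE_FSTAB):
        print(f"{mount_point}: {issue}")
```
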

