[Samba] Due to CVE in windows, disable SMB3 compression.
Jeremy Allison
jra at samba.org
Wed Mar 11 16:24:15 UTC 2020
On Wed, Mar 11, 2020 at 02:45:09PM +0100, Stefan G. Weichinger via samba wrote:
> On 11.03.20 at 11:46, L.P.H. van Belle via samba wrote:
> > https://portal.msrc.micro...idance/advisory/adv200005
> > Published: 03/10/2020
> >
> > Workarounds
>
> These workarounds are only applicable on MS Windows server machines, right?
>
> Is Samba even affected?
From what I understand, no - thank goodness. Sometimes it's an
advantage in being a little slower adding features :-).
Looks like an error in the underlying compression library
code to me - that can be really nasty.
Fuzz, fuzz and fuzz again.
> This leads (me) to another topic which I want to ask for quite some time
> now (maybe another thread would be better):
>
> What about the AD-vulnerability in general that attackers like the
> emotet-hackers exploit?
>
> Is a samba-DC-based AD safer or stronger than a windows-DC-based AD?
Hard question to answer. The safest thing to say is
that we'll have *different* bugs to a Windows based AD.
So not putting all your DC eggs in one basket might be
a good idea.
Jeremy.