[Samba] Due to CVE in windows, disable SMB3 compression.

Jeremy Allison jra at samba.org
Wed Mar 11 16:24:15 UTC 2020

On Wed, Mar 11, 2020 at 02:45:09PM +0100, Stefan G. Weichinger via samba wrote:
> On 11.03.20 at 11:46, L.P.H. van Belle via samba wrote:
> > https://portal.msrc.micro...idance/advisory/adv200005
> > Published: 03/10/2020
> >  
> > Workarounds
> These workarounds are only applicable on MS Windows server machines, right?
> Is Samba even affected?

From what I understand, no - thank goodness. Sometimes it's an
advantage in being a little slower adding features :-).

Looks like an error in the underlying compression library
code to me - that can be really nasty.

Fuzz, fuzz and fuzz again.

> This leads (me) to another topic which I want to ask for quite some time
> now (maybe another thread would be better):
> What about the AD-vulnerability in general that attackers like the
> emotet-hackers exploit?
> Is a samba-DC-based AD safer or stronger than a windows-DC-based AD?

Hard question to answer. The safest thing to say is
that we'll have *different* bugs to a Windows based AD.

So not putting all your DC eggs in one basket might be
a good idea.
