[Samba] zerologon affect standalone smb server or not
Rowland penny
rpenny at samba.org
Sat Sep 19 13:23:23 UTC 2020
On 19/09/2020 14:07, Nick Howitt via samba wrote:
>
>
> On 19/09/2020 14:00, Rowland penny via samba wrote:
>>
>> On 19/09/2020 13:42, Michael Wandel via samba wrote:
>>> Hello ML,
>>>
>>> are there information about the CVE-2020-1472 , whether this bug
>>> also infects samba Server without DC configuration (standalone smb
>>> Server) ?
>>>
>>> I'll did not find any information in the short time and can not
>>> decide if this systems are affected.
>>>
>>> Can you please help me, to clear my clouded brain.
>>>
>>> best regards
>>> Michael
>>>
>>>
>> If you read the release notes for the latest versions, posted here
>> yesterday and available here:
>>
>> https://www.samba.org/samba/history/samba-4.12.7.html
>>
>> It states quite categorically that it only applies to Domain
>> Controllers, so standalone servers and Unix domain members are not
>> affected.
>>
>> Rowland
>>
>
> @Rowland,
> Are you sure? The history notes say "(see "file servers and domain
> members" below) but there is no such section. You need to follow the
> link to https://www.samba.org/samba/security/CVE-2020-1472.html to
> find the information
>
>
Yes, I am sure, I am also sure that when the release notes were written,
everyone was so tired that they missed that the linked information
wasn't there, but you can find it if you follow the link to the HTML page.
Rowland
More information about the samba
mailing list