security vulnerabilities for samba
Jeremy Allison
jra at samba.org
Wed Oct 11 17:17:53 UTC 2017
On Tue, Oct 10, 2017 at 04:50:05PM +0530, Silambarasan Madhappan via samba-technical wrote:
> Hi,
>
>
>
> Samba has announce 3 CVE’s (CVE-2017-12150 CVE-2017-12151 CVE-2017-12163)
>
>
>
> Workaround is available for all CVE’s but workaround for
>
>
>
> CVE-2017-12151 :- *client max protocol = NT1* and
>
> CVE-2017-12163 :- *server min protocol = SMB2_02*
>
>
>
> are contradicting to each other.
>
>
>
> Please suggest how can work around for all CVE be implement in smb.conf.
Workarounds are only temporary things until you
can patch and upgrade. I'd suggest you just patch
and upgrade, as these all have fixes available.
More information about the samba-technical
mailing list