security vulnerabilities for samba


security vulnerabilities for samba

Samba - samba-technical mailing list
Hi,

Samba has announced 3 CVEs (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163).

A workaround is available for all CVEs, but the workarounds for

CVE-2017-12151 :- *client max protocol = NT1* and

CVE-2017-12163 :- *server min protocol = SMB2_02*

contradict each other.

Please suggest how the workarounds for all CVEs can be implemented in smb.conf.

Regards,

Silambarasan

Re: security vulnerabilities for samba

Samba - samba-technical mailing list
On Tue, Oct 10, 2017 at 04:50:05PM +0530, Silambarasan Madhappan via samba-technical wrote:

> Hi,
>
> Samba has announced 3 CVEs (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163).
>
> A workaround is available for all CVEs, but the workarounds for
>
> CVE-2017-12151 :- *client max protocol = NT1* and
>
> CVE-2017-12163 :- *server min protocol = SMB2_02*
>
> contradict each other.
>
> Please suggest how the workarounds for all CVEs can be implemented in smb.conf.

Workarounds are only temporary things until you
can patch and upgrade. I'd suggest you just patch
and upgrade, as these all have fixes available.


Re: security vulnerabilities for samba

Samba - samba-technical mailing list
Hi,

Thanks for your response.

As mentioned in the CVE-2017-12151 subject and summary, SMB3 connections are
impacted.
Please let us know if we can use *client max protocol = SMB2* as a workaround.

Regards,
Silambarasan

On Wed, Oct 11, 2017 at 10:47 PM, Jeremy Allison <[hidden email]> wrote:

> On Tue, Oct 10, 2017 at 04:50:05PM +0530, Silambarasan Madhappan via
> samba-technical wrote:
> > Hi,
> >
> > Samba has announced 3 CVEs (CVE-2017-12150, CVE-2017-12151, CVE-2017-12163).
> >
> > A workaround is available for all CVEs, but the workarounds for
> >
> > CVE-2017-12151 :- *client max protocol = NT1* and
> >
> > CVE-2017-12163 :- *server min protocol = SMB2_02*
> >
> > contradict each other.
> >
> > Please suggest how the workarounds for all CVEs can be implemented in smb.conf.
>
> Workarounds are only temporary things until you
> can patch and upgrade. I'd suggest you just patch
> and upgrade, as these all have fixes available.
>
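
A check for the two workaround settings quoted in this thread, added here as an example and not part of any message above or of Samba itself: it reads the `[global]` section of an smb.conf and reports whether each setting is applied. `WORKAROUNDS`, the function names and the sample config are constructed for illustration; as the reply notes, workarounds are temporary until you patch and upgrade.

```python
import re

# Workaround values exactly as quoted in this thread: CVE -> (parameter, value).
# They are two different smb.conf parameters, so both fit in one [global] section.
WORKAROUNDS = {
    "CVE-2017-12151": ("client max protocol", "NT1"),
    "CVE-2017-12163": ("server min protocol", "SMB2_02"),
}

def norm(name):
    """Normalize a parameter name: smb.conf ignores case and embedded spaces."""
    return re.sub(r"\s+", "", name).lower()

def parse_global(text):
    """Return {normalized parameter: value} for the [global] section only."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            params[norm(key)] = value.strip()  # a later line overrides an earlier one
    return params

def audit(text):
    """Map each CVE to 'applied', 'missing', or 'differs: <configured value>'."""
    params = parse_global(text)
    report = {}
    for cve, (name, wanted) in WORKAROUNDS.items():
        actual = params.get(norm(name))
        if actual is None:
            report[cve] = "missing"
        elif actual.upper() == wanted:  # compare the value case-insensitively
            report[cve] = "applied"
        else:
            report[cve] = f"differs: {actual}"
    return report

# Constructed sample smb.conf, not taken from the thread.
SAMPLE = """\
[global]
    ; constructed example
    Client Max Protocol = SMB2
    server min protocol = SMB2_02
[share]
    server min protocol = NT1
"""
```

Calling `audit(SAMPLE)` flags the client setting as differing from the quoted workaround and ignores the per-share line, since only `[global]` is inspected.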