kultax
Posted February 24, 2015

While the ports associated with file-sharing should never be exposed outside of your local LAN, I was still a bit concerned about the following vulnerability:

https://www.samba.org/samba/security/CVE-2015-0240

Is unRAID affected? I haven't had a chance to look at which version ships with the latest 5.x stable release, so I thought I would ask.

Thanks,
--Tom

WeeboTech
Posted February 24, 2015

A patch addressing this defect has been posted to http://www.samba.org/samba/security/

Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

On Samba versions 4.0.0 and above, add the line:

    rpc_server:netlogon=disabled

to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.

Looks like unRAID 5.0.6 is.

    root@unRAID:~# cat /etc/unraid-version ; smbd --version
    version=5.0.6
    Version 3.6.21

I'm not running unRAID 6-beta 13 or 14 so someone else will need to provide the version number there.

StevenD
Posted February 24, 2015

> A patch addressing this defect has been posted to http://www.samba.org/samba/security/
>
> Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.
>
> ==========
> Workaround
> ==========
>
> On Samba versions 4.0.0 and above, add the line:
>
>     rpc_server:netlogon=disabled
>
> to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.
>
> Looks like unRAID 5.0.6 is.
>
>     root@unRAID:~# cat /etc/unraid-version ; smbd --version
>     version=5.0.6
>     Version 3.6.21
>
> I'm not running unRAID 6-beta 13 or 14 so someone else will need to provide the version number there.

    root@nas:~# cat /etc/unraid-version ; smbd --version
    version="6.0-beta14"
    Version 4.1.16

NAS
Posted February 25, 2015

At first when I saw this I assumed we must be running our own compiled version of samba, as there have been no upstream Slackware announcements on this. However, this turns out not to be true, as Slackware is @ "samba-4.1.16-x86_64-1.txz".

I worry that we have a double delay here, with Slackware and then us picking it up.

Nice post though, I would have missed it.
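
Added example, not part of any post in this thread: a shell function that compares smbd --version output with the security releases quoted above and reports whether the netlogon workaround can be used. The function names and result labels are hypothetical, and it assumes that a later release on a listed branch also carries the fix.

```shell
#!/bin/sh
# Added example (not from the thread): compare a Samba version string with the
# security releases quoted above: 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25.
# Assumption: a later release on the same branch also carries the fix.
# A distribution may backport the patch without changing the version string.

# First fixed patch level for a major.minor branch; prints nothing if unlisted.
fixed_patch_for_branch() {
    case "$1" in
        3.6) echo 25 ;;
        4.0) echo 25 ;;
        4.1) echo 17 ;;
        4.2) echo 0 ;;    # fixed from release candidate 5 onward
    esac
}

# classify_samba "<smbd --version output>" prints one of:
#   fixed | needs-update workaround=yes | needs-update workaround=no
#   unlisted-branch | unparsed
classify_samba() {
    v=${1#Version }
    case "$v" in
        [0-9]*.[0-9]*.[0-9]*) ;;
        *) echo unparsed; return 0 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; rest=${rest#*.}
    patch=$(printf '%s' "$rest" | sed 's/^\([0-9]*\).*/\1/')
    rc=$(printf '%s' "$rest" | sed -n 's/^[0-9]*rc\([0-9][0-9]*\).*/\1/p')
    case "$major$minor$patch" in
        *[!0-9]*) echo unparsed; return 0 ;;
    esac

    # The rpc_server:netlogon=disabled workaround needs Samba 4.0.0 or above.
    wa=no
    if [ "$major" -ge 4 ]; then wa=yes; fi

    fixed=$(fixed_patch_for_branch "$major.$minor")
    if [ -z "$fixed" ]; then echo unlisted-branch; return 0; fi

    if [ "$patch" -gt "$fixed" ]; then
        echo fixed
    elif [ "$patch" -eq "$fixed" ] &&
         { [ "$major.$minor" != 4.2 ] || [ -z "$rc" ] || [ "$rc" -ge 5 ]; }; then
        echo fixed
    else
        echo "needs-update workaround=$wa"
    fi
}
# Usage on a live system: classify_samba "$(smbd --version)"
```

For the two versions reported in this thread, 3.6.21 comes back as needing an update with no workaround, and 4.1.16 as needing an update with the workaround available.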
Archived
This topic is now archived and is closed to further replies.