kultax
Posted February 24, 2015

While the ports associated with file-sharing should never be exposed outside of your local LAN, I was still a bit concerned about the following vulnerability:

https://www.samba.org/samba/security/CVE-2015-0240

Is unRAID affected? I haven't had a chance to look at which version ships with the latest 5.x stable release, so I thought I would ask.

Thanks,
--Tom

WeeboTech
Posted February 24, 2015

A patch addressing this defect has been posted to http://www.samba.org/samba/security/

Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

==========
Workaround
==========

On Samba versions 4.0.0 and above, add the line:

rpc_server:netlogon=disabled

to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.

Looks like unRAID 5.0.6 is.

root@unRAID:~# cat /etc/unraid-version ; smbd --version
version=5.0.6
Version 3.6.21

I'm not running unRAID 6-beta 13 or 14 so someone else will need to provide the version number there.

StevenD
Posted February 24, 2015

> A patch addressing this defect has been posted to http://www.samba.org/samba/security/
>
> Additionally, Samba 4.2.0rc5, 4.1.17, 4.0.25 and 3.6.25 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.
>
> ==========
> Workaround
> ==========
>
> On Samba versions 4.0.0 and above, add the line:
>
> rpc_server:netlogon=disabled
>
> to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.
>
> Looks like unRAID 5.0.6 is.
>
> root@unRAID:~# cat /etc/unraid-version ; smbd --version
> version=5.0.6
> Version 3.6.21
>
> I'm not running unRAID 6-beta 13 or 14 so someone else will need to provide the version number there.

root@nas:~# cat /etc/unraid-version ; smbd --version
version="6.0-beta14"
Version 4.1.16

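Added example (not part of any post in this thread, and not Samba or unRAID code): a shell function that compares `smbd --version` output with the security releases listed in the quoted advisory and reports whether the `rpc_server:netlogon=disabled` workaround applies. It assumes a build older than its branch's security release still needs the fix and reports branches the thread does not list as unknown; the function names are made up for this sketch.

```shell
#!/bin/sh
# Security release per branch, as listed in the advisory text quoted above.
fixed_for_branch() {
  case "$1" in
    4.2) echo 4.2.0rc5 ;;
    4.1) echo 4.1.17 ;;
    4.0) echo 4.0.25 ;;
    3.6) echo 3.6.25 ;;
    *)   return 1 ;;   # branch not named in the thread
  esac
}

# "4.2.0rc5" -> "4 2 0 0 5"; final "4.2.0" -> "4 2 0 1 0", so a final
# release sorts after its own release candidates. Empty output if malformed.
version_key() {
  printf '%s\n' "$1" | sed -n -E \
    -e 's/^([0-9]+)\.([0-9]+)\.([0-9]+)rc([0-9]+)$/\1 \2 \3 0 \4/p' \
    -e 's/^([0-9]+)\.([0-9]+)\.([0-9]+)$/\1 \2 \3 1 0/p'
}

# Succeeds when version $1 is strictly older than version $2.
version_lt() {
  ka=$(version_key "$1"); kb=$(version_key "$2")
  [ -n "$ka" ] && [ -n "$kb" ] || return 2
  [ "$ka" != "$kb" ] && [ "$(printf '%s\n%s\n' "$ka" "$kb" |
    sort -k1,1n -k2,2n -k3,3n -k4,4n -k5,5n | head -n 1)" = "$ka" ]
}

# Takes the "Version x.y.z" line printed by `smbd --version`.
samba_status() {
  ver=${1#Version }
  branch=$(printf '%s\n' "$ver" | sed -n -E 's/^([0-9]+\.[0-9]+)\..*$/\1/p')
  fixed=$(fixed_for_branch "$branch") || { echo unknown; return 0; }
  [ -n "$(version_key "$ver")" ] || { echo unknown; return 0; }
  # The advisory offers the smb.conf workaround on 4.0.0 and above only.
  if [ "${branch%%.*}" -ge 4 ]; then wa=available; else wa=unavailable; fi
  # Assumption: older than the branch's security release means unfixed.
  if version_lt "$ver" "$fixed"; then
    echo "needs-update fixed-in=$fixed workaround=$wa"
  else
    echo "fixed"
  fi
}

# The two version strings posted in the thread.
for v in "Version 3.6.21" "Version 4.1.16"; do
  printf '%s -> %s\n' "$v" "$(samba_status "$v")"
done
```

A distribution can backport the fix without changing the version string, so a `needs-update` result is a prompt to check the package changelog, not proof that the build is unpatched.
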
NAS
Posted February 25, 2015

At first when I saw this I assumed we must be running our own compiled version of Samba, as there have been no upstream Slackware announcements on this.

However, this turns out not to be true, as Slackware is @ "samba-4.1.16-x86_64-1.txz"

I worry that we have a double delay here, with Slackware and then us picking it up.

Nice post though, I would have missed it.