Samba CVE-2017-7494 and SMB implementation of FreeBSD 10 through 12
Dimitry Andric
dim at FreeBSD.org
Tue May 30 17:14:51 UTC 2017
On 30 May 2017, at 18:55, O. Hartmann <ohartmann at walstatt.org> wrote:
>
> On Mon, 29 May 2017 23:47:46 +0200
> Dimitry Andric <dim at FreeBSD.org> wrote:
>
>> On 29 May 2017, at 18:53, Darko Gavrilovic <d.gavrilovic at gmail.com> wrote:
>>>
>>> Hello, does anyone know or is anyone able to confirm if Samba CVE-2017-7494
>>> affects Samba 3.6.25 on FreeBSD 9.x?
>>>
>>> https://lists.samba.org/archive/samba-announce/2017/000406.html
>>
>> The advisory very clearly says "all versions of Samba from 3.5.0
>> onwards", so yes. In addition, the 3.x series is dead, and completely
>> unsupported. It is probably wise to upgrade, for example to 4.6.4.
>>
>> -Dimitry
>>
>
> I'm just curious, and would like to have an answer at hand for my superiors:
>
> FreeBSD has a SMB implementation we utilise with FreeBSD 10.3 and 11.0. Is FreeBSD's
> implementation somehow affected by the bug revealed in SAMBA >= 3.6.25?

If you mean smbfs, then that is an SMB *client* only, not a server.
CVE-2017-7494 is specifically about an exploitable bug in Samba's SMB
server component. FreeBSD does not provide any SMB server in the base
system.

That said, I don't know whether there are any security bugs in our smbfs
client implementation. It is really a completely different matter. The
code seems to have been largely unmaintained for years, though, so
purely on that basis it does not inspire a great deal of confidence.

-Dimitry