Samba CVE-2017-7494 and SMB implementation of FreeBSD 10 through 12
O. Hartmann
ohartmann at walstatt.org
Tue May 30 17:16:17 UTC 2017
Am Tue, 30 May 2017 19:14:42 +0200
Dimitry Andric <dim at FreeBSD.org> schrieb:
> On 30 May 2017, at 18:55, O. Hartmann <ohartmann at walstatt.org> wrote:
> >
> > Am Mon, 29 May 2017 23:47:46 +0200
> > Dimitry Andric <dim at FreeBSD.org> schrieb:
> >
> >> On 29 May 2017, at 18:53, Darko Gavrilovic <d.gavrilovic at gmail.com> wrote:
> >>>
> >>> Hello, does anyone know or able to confirm if Samba CVE-2017-7494
> >>> affects Samba 3.6.25 on Freebsd 9.x?
> >>>
> >>> https://lists.samba.org/archive/samba-announce/2017/000406.html
> >>
> >> The advisory very clearly says "all versions of Samba from 3.5.0
> >> onwards", so yes. In addition, the 3.x series is dead, and completely
> >> unsupported. It is probably wise to upgrade, for example to 4.6.4.
> >>
> >> -Dimitry
> >>
> >
> > I'm just curious and to have an answere at hand for my superiors:
> >
> > FreeBSD has a SMB implementation we uitlise with FreeBSD 10.3 and 11.0. Is FreeBSD's
> > implementation somehow affected by the bug revealed in SAMBA >= 3.6.25?
>
> If you mean smbfs, then that is an SMB *client* only, not a server.
> CVE-2017-7494 is specifically about an exploitable bug in Samba's SMB
> server component. FreeBSD does not provide any SMB server in the base
> system.
>
> That said, I don't know whether there are any security bugs in our smbfs
> client implementation. It is really a completely different matter. The
> code seems to have been largely unmaintained for years, though, so
> purely on that basis it does not inspire a great deal of confidence.
>
> -Dimitry
>
Thank you very much for these clear words!
Oliver
--
O. Hartmann
Ich widerspreche der Nutzung oder Übermittlung meiner Daten für
Werbezwecke oder für die Markt- oder Meinungsforschung (§ 28 Abs. 4 BDSG).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 313 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170530/69bade34/attachment.sig>
More information about the freebsd-security
mailing list