Just for info…
https://www.samba.org/samba/security/CVE-2017-7494.html
https://lists.samba.org/archive/samba-announce/2017/000406.html
https://access.redhat.com/security/cve/cve-2017-7494
First tests:
- trying to access shared folders from Win 10 Pro, not joined to a domain:
  - without modified smb.conf -> can access the server
  - with modified smb.conf -> can’t access the server
From here: https://access.redhat.com/security/cve/cve-2017-7494
"Mitigation
Add the parameter:
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints. Note this can disable some expected functionality for Windows clients."
I will also try from Win 10 Pro, joined to the domain.
EDIT:
UPDATE: Same situation with domain member (Win 10 Pro).
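Added example, not part of the thread or of any project's code: a small check that the workaround quoted above is really set in the [global] section of a given smb.conf text. The function names and both sample configurations are constructed for illustration; it reads only the text it is given, does not follow include lines, and accepts the boolean spellings listed in smb.conf(5).

```python
import re

# Constructed smb.conf samples (not from the thread).
MITIGATED = """\
[global]
    workgroup = EXAMPLE
    ; names are case- and whitespace-insensitive
    NT Pipe  Support = No
[share]
    path = /srv/share
"""
WRONG_SECTION = """\
[global]
    workgroup = EXAMPLE
[share]
    nt pipe support = no
"""
FALSE_VALUES = {"no", "false", "0"}  # boolean spellings listed in smb.conf(5)


def _norm(name):
    """Lower-case and drop whitespace, mirroring how Samba compares names."""
    return re.sub(r"\s+", "", name).lower()


def global_param(conf_text, param):
    """Return the last value set for `param` in [global], or None if unset."""
    section, value = None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif "=" in line and section == "global":
            key, val = line.split("=", 1)  # only the first '=' is significant
            if _norm(key) == _norm(param):
                value = val.strip()
    return value


def mitigation_applied(conf_text):
    """True only when [global] sets nt pipe support to a false value."""
    value = global_param(conf_text, "nt pipe support")
    return value is not None and value.lower() in FALSE_VALUES


if __name__ == "__main__":
    print("mitigated:", mitigation_applied(MITIGATED))
    print("wrong section:", mitigation_applied(WRONG_SECTION))
```

The second sample is reported as not mitigated because the parameter sits under a share rather than under [global], which is where the quoted advisory says to put it.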
I forgot to write “if someone has some time it would be nice to test the mitigation workaround” with a Windows client. I thought I would add it after lunch… Clearly you’ve been faster than my lunch
Thank you for your test, @GG_jr
BTW, it seems there are already new packages from RH, so I think we will not have to wait too long for the fix
https://access.redhat.com/errata/RHSA-2017:1270
From the DC side, I’ve just installed the testing version on my production server! Ready for testing:
yum --enablerepo=nethserver-testing update nethserver-dc
The DC upgrade to 4.6.4 is manual and must be started from “Accounts provider” page.