What Version of Samba is included in 4.1.9? (CVE-2012-1182)

Zappes
Aspirant

As I am a bit worried about the recent critical Samba vulnerability (CVE-2012-1182 "root" credential remote code execution) I'd like to know which version of Samba will be included in 4.1.9 and specifically if that vulnerability will be fixed.

Right now my only fix for that problem is mounting my NAS shares on another Linux box with a current Samba version, re-exposing all shares using that box and denying all other workstations access to the NAS using firewall rules on the router. This obviously is a very bad solution and I'd really like to get rid of that workaround as soon as possible...
Message 1 of 8
mdgm-ntgr
NETGEAR Employee Retired

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

I think the current beta has 3.5.12 for the service. Will likely be updated to latest 3.5.x before going final I would think but the ReadyNAS devs could comment on that.
Message 2 of 8
matthew1471
Guide

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

You can find out what version you are using by selecting Status->Logs and downloading all the log files by clicking "Download All Logs". Then open up the ZIP file and inside should be smbd.log.

Here is what mine has:

4.1.9 (T6)
==
[2012/04/11 18:52:09, 0] smbd/server.c:1141(main)
smbd version 3.5.12 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010

4.1.9 (T2)
==
[2012/04/11 19:11:21, 0] smbd/server.c:main(942)
smbd version 3.0.37 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
Message 3 of 8
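
The check described in the post above, as an added example that is not part of the thread: it pulls the smbd start-up lines out of smbd.log and compares the upstream version number with the first fixed releases for CVE-2012-1182 (3.6.4, 3.5.14 and 3.4.16, per the Samba advisory). The function names are hypothetical, and a vendor build can carry a backported fix under an older version string, so "affected upstream" refers to the version number only.

```python
import re
from datetime import datetime

# First fixed upstream release per branch, per the Samba advisory for
# CVE-2012-1182 (3.5.14 is the release hoped for in this thread).
FIXED = {(3, 4): (3, 4, 16), (3, 5): (3, 5, 14), (3, 6): (3, 6, 4)}

HEADER = re.compile(r"^\s*\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})")
STARTED = re.compile(r"smbd version (\d+)\.(\d+)\.(\d+)\S* started")

# Log lines as quoted in the post above (two different firmware builds).
SAMPLE_LOG = """\
[2012/04/11 18:52:09, 0] smbd/server.c:1141(main)
smbd version 3.5.12 started.
Copyright Andrew Tridgell and the Samba Team 1992-2010
[2012/04/11 19:11:21, 0] smbd/server.c:main(942)
smbd version 3.0.37 started.
Copyright Andrew Tridgell and the Samba Team 1992-2009
"""

def smbd_starts(log_text):
    """Return [(timestamp, (major, minor, patch)), ...], one per smbd start."""
    starts, stamp = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:  # the message text follows on the next line
            stamp = datetime.strptime(header.group(1), "%Y/%m/%d %H:%M:%S")
            continue
        started = STARTED.search(line)
        if started:
            starts.append((stamp, tuple(int(g) for g in started.groups())))
    return starts

def assess(version):
    """Classify an upstream version number; vendor backports are not visible."""
    if version < (3, 0, 0):
        return "below the advisory's affected range"
    fixed = FIXED.get(version[:2])
    if fixed:
        return "fixed upstream" if version >= fixed else "affected upstream"
    if version > (3, 6, 0):
        return "fixed upstream"
    return "affected upstream, branch has no entry in FIXED"

if __name__ == "__main__":
    for stamp, version in smbd_starts(SAMPLE_LOG):
        print(stamp, ".".join(map(str, version)), "->", assess(version))
```
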
Zappes
Aspirant

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

Thanks for the info. I don't really feel like using the beta on my box, so I couldn't install it myself in order to have a look at the versions. I hope we get 3.5.14 in the final release - but I guess that's something the devs will make sure to include as that vulnerability really is quite critical.
Message 4 of 8
sp00led
Aspirant

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

I searched and found this thread after reading about the SAMBA vulnerability. Has anyone tried manually updating smb on their readynas? I only have a production server so I'm hesitant to.

The latest firmware available has me running 3.5.11 and that's very concerning.
Message 5 of 8
mdgm-ntgr
NETGEAR Employee Retired

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

The 3200 is an x86 model. Latest production firmware for that is currently 4.2.19.

4.2.20 T42 beta contains 3.5.12 (see http://www.readynas.com/forum/viewtopic.php?f=51&t=57193). I know a later beta contains 3.5.13. We'll need to wait and see what's included in 4.2.20.

I would not suggest trying to manually update samba as that is unsupported.
Message 6 of 8
mdgm-ntgr
NETGEAR Employee Retired

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

Zappes, 4.1.9-T9 includes the update that addresses the samba vulnerability: http://www.readynas.com/forum/viewtopic.php?f=17&t=59222
Message 7 of 8
Zappes
Aspirant

Re: What Version of Samba is included in 4.1.9? (CVE-2012-11

Will 4.1.9 also address the recent OpenSSL vulnerability? That one wouldn't be as important for me as SSH access to my NAS is restricted to a few trusted clients, anyway, but it would be nice to know. 🙂

Is T9 in a state where one could risk using it in a SoHo environment? I'm not asking for legally binding certification of that version, of course, just for a hint regarding the maturity of the current beta release.
Message 8 of 8