PHolder
May 25, 2017, Aspirant
Any plans for Samba fix for CVE-2017-7494 ?
I posted elsewhere about this, but CVE-2017-7494 NEEDs to be patched on any device still in operation, and I think that includes the older, technically out of support models that I have 6 of. Wit...
- May 30, 2017
Legacy Sparc, x86 and ARM firmware is now available:
RAIDiator-4.1.16 (Sparc)
Danthem
May 25, 2017, NETGEAR Employee
Hi PHolder,
A firmware upgrade with this patched is already released, 6.7.3:
https://kb.netgear.com/000038777/ReadyNAS-OS-6-Software-Version-6-7-3
sfriis
May 26, 2017, Tutor
I just upgraded to 6.7.3, but apparently smbd is still v 4.4.9:
Welcome to ReadyNASOS 6.7.3
Last login: Fri May 26 12:58:49 2017 from xxxxx
root@xxxxxx:~# smbd --version
Version 4.4.9
root@xxxxxx:~#
Am I missing something??
- ctechs, May 26, 2017, Apprentice
Since this was a point release, the netgear team likely backported the fix instead of upgrading samba to the latest and greatest, to avoid breaking things.
- mdgm-ntgr, May 26, 2017, NETGEAR Employee Retired
ctechs wrote:
Since this was a point release, the netgear team likely backported the fix instead of upgrading samba to the latest and greatest, to avoid breaking things.
Exactly. In time we'll move to a newer version of samba on OS6, but for now we backported the fix.
If you look at packages.log (or do a dpkg -l) you'll see that the netgearx at the end of the version of the samba package is incremented by one (where x is a number) compared with the logs you downloaded before updating to 6.7.3. That indicates that we've added some more patches to the samba 4.4.9 code.
- mdgm-ntgr, May 27, 2017, NETGEAR Employee Retired
We have a KB article: Security Advisory for CVE-2017-7494, Samba Remote Code Execution
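Added example, not part of the original thread and not NETGEAR's code: a check for the backport described above that compares the samba package revision suffix between two `dpkg -l` snapshots instead of relying on `smbd --version`. The function names and the sample version strings are constructed for illustration; the real suffix numbers on a given unit will differ.

```sh
#!/bin/sh
# Print the number N from a trailing "netgearN" in the samba package version.
# Reads `dpkg -l` style text on stdin (assumed columns: status, name, version, ...).
samba_netgear_rev() {
    awk '$2 == "samba" && match($3, /netgear[0-9]+$/) {
             print substr($3, RSTART + 7)   # skip the 7 letters of "netgear"
             exit
         }'
}

# backport_applied BEFORE_TEXT AFTER_TEXT
# Returns 0 if the revision rose, 1 if it did not, 2 if it cannot be determined.
backport_applied() {
    before=$(printf '%s\n' "$1" | samba_netgear_rev)
    after=$(printf '%s\n' "$2" | samba_netgear_rev)
    if [ -z "$before" ] || [ -z "$after" ]; then
        echo "cannot determine samba package revision" >&2
        return 2
    fi
    [ "$after" -gt "$before" ]
}

# Constructed sample snapshots: the upstream version (4.4.9) is identical in
# both, which is why `smbd --version` looks unchanged after the update.
BEFORE='ii  libc6  2.19-18  amd64  GNU C Library
ii  samba  2:4.4.9-netgear4  amd64  SMB/CIFS file server'
AFTER='ii  libc6  2.19-18  amd64  GNU C Library
ii  samba  2:4.4.9-netgear5  amd64  SMB/CIFS file server'

if backport_applied "$BEFORE" "$AFTER"; then
    echo "samba package revision increased: vendor patches were added"
else
    echo "samba package revision did not increase: check the firmware version"
fi
```

On a live unit, the second argument could be `"$(dpkg -l)"`, with the first taken from the log bundle downloaded before the update.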