
PHolder
Aspirant
May 25, 2017
Solved

Any plans for Samba fix for CVE-2017-7494 ?

I posted elsewhere about this, but CVE-2017-7494 NEEDs to be patched on any device still in operation, and I think that includes the older, technically out of support models that I have 6 of.

 

With Microsoft recommending disabling SMB 1.0 because of WannaCry and related security issues, it seems like an ideal time for Netgear to show some leadership and update SMB on all its devices to address this security issue and to allow people to use older devices with SMB 2 or 3 support.

19 Replies

    • sfriis
      Tutor

      I just upgraded to 6.7.3, but apparently smbd is still v 4.4.9:

      Welcome to ReadyNASOS 6.7.3

      Last login: Fri May 26 12:58:49 2017 from xxxxx
      root@xxxxxx:~# smbd --version
      Version 4.4.9
      root@xxxxxx:~#

      Am I missing something??

      • ctechs
        Apprentice

        Since this was a point release, the netgear team likely backported the fix instead of upgrading samba to the latest and greatest, to avoid breaking things.

    • mdgm-ntgr
      NETGEAR Employee Retired

      We've built firmware with the patch for CVE-2017-7494 for legacy models as well. Once they have undergone QA testing, I believe we plan to release those updates as well:

       

      RAIDiator-4.1.16

      RAIDiator-arm-5.3.13

      RAIDiator-x86-4.2.31

       

      As for SMB2 and SMB3, we're not updating to a newer samba series on the legacy models at this time so SMB2 support would remain experimental and remain disabled. The new firmware has the same samba version except with the patch so the netgearx at the end (where x is a number) would be incremented by one to reflect the change.

      • PHolder
        Aspirant

        mdgm wrote:

        As for SMB2 and SMB3, we're not updating to a newer samba series on the legacy models at this time so SMB2 support would remain experimental and remain disabled. The new firmware has the same samba version except with the patch so the netgearx at the end (where x is a number) would be incremented by one to reflect the change.


         

        I'm going to keep beating this dead horse until it upgrades to SMB2:

         

        https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/

         

        SMB1 was pretty much already marked as deprecated when ReadyNAS was shipping the NV series as new devices...  and in a couple of months people who have one still working will find new installs of Windows won't be able to even access it...  It seems like the better customer service story would be a recompile and test cycle that adds the necessary SMB 2 (or even SMB 3) support since we already know it works well in Netgear's other products.
