SambaCRY on FreeNAS

John Doe · May 26, 2017

referring to http://thehackernews.com/2017/05/samba-rce-exploit.html
does this apply on FreeNAS as well?

dlavigne · May 26, 2017

Yup,which is why you want to update to 9.10.2-U4.

Pentaflake · May 26, 2017

@dlavigne is there any hope for a small patch to Corral to update its version of Samba. Some of us may not quite be ready or have the time currently to migrate everything back to FreeNAS 9.x yet.

dlavigne · May 27, 2017

Unfortunately, no.

romracer · May 27, 2017

dlavigne said:
Yup,which is why you want to update to 9.10.2-U4.

Pardon me, but doesn't FreeNAS 9.10.2-U4 include Samba 4.5.9? That's what the email update I get says.

Samba 4.5.9 is vulnerable to SambaCry. Samba 4.5.10 is not.

m0nkey_ · May 27, 2017

Code:

[root@tardis] ~# samba -V
Version 4.5.10

dlavigne · May 27, 2017

The version number was incorrect in the subject of the bug ticket and that was what was populated to the Changelog.

pjc · May 28, 2017

Note the workaround mentioned by the Samba team in their security bulletin:

 ==========

Workaround

==========



Add the parameter:



nt pipe support = no



to the [global] section of your smb.conf and restart smbd. This

prevents clients from accessing any named pipe endpoints. Note this

can disable some expected functionality for Windows clients.

If you can't update, that should protect you from this particular issue.

Important Announcement for the TrueNAS Community.

SambaCRY on FreeNAS

John Doe

Guru

dlavigne

Guest

Pentaflake

Explorer

dlavigne

Guest

romracer

Cadet

m0nkey_

MVP

dlavigne

Guest

pjc

Contributor

Similar threads