just to report two new samba security issues
https://lists.samba.org/archive/samba-announce/2018/000435.html
https://www.samba.org/samba/security/CVE-2018-1050.html
https://www.samba.org/samba/security/CVE-2018-1057.html
just to report two new samba security issues
https://lists.samba.org/archive/samba-announce/2018/000435.html
https://www.samba.org/samba/security/CVE-2018-1050.html
https://www.samba.org/samba/security/CVE-2018-1057.html
from what I understand this should only work if the attack is carried out via intranet, not via internet.
Right?
Yes the domain controller LDAP service binds to a LAN IP.
Samba has released the fix yesterday:
The RPM is available from testing repository /cc @quality_team
yum --enablerepo=nethserver-testing update nethserver-dc
The testing package is on production in my DC since yesterday: Iām going to release it today! Please provide some testing feedback!
Tested on a fresh VM and on my home server:
On the fresh VM it just worked. I tested joining and domain logon from Windows 7.
On the home server I had to reset permissions to make ACL shares work again but this is not related to nethserver-dc I think. Domain logons from Windows 10 worked normally after update.
Thanks Markus great feedback