What is the Badlock cve-2023-2118 affecting Samba, 2024

Posted Fri September 09, 2022 02:33 AM

My post for a question asked by our customer (in Laos). / Tom, any comments with detail, as I sent the email to our customer?

Your case objective:

Due to CVE-2016-2118 (Samba Badlock vulnerability), you are looking to IBM support for a suggestion of which Samba version (4.2.11 / 4.3.8 / 4.4.2 or later) could fix the CVE-2016-2118 defect.

IBM local support would like to respond to you with the following answers.

  1. By searching IBM Security Bulletins, we found:

The "Security Bulletin: Badlock Samba vulnerability issue on IBM Storwize V7000 Unified (CVE-2016-2118)"

in URL: https://www.ibm.com/support/pages/security-bulletin-badlock-samba-vulnerability-issue-ibm-storwize-v7000-unified-cve-2016-2118

In the above URL, under "Affected Products and Versions":

IBM Storwize V7000 Unified

The product is affected when running code releases 1.5.0.0 to 1.6.0.1

  2. By searching the IBM support system, we found case# TS009291788: "Samba Badlock", opened on 2022-05-09.

You can see the "Resolution Description: Samba is not supported."

"Samba is not supported" means:

Samba is a product shipped as-is. In other words, there is no Samba support from IBM.

Please find the full detail in the screen capture.

  3. By searching the IBM support system, we found the old PMR (PMR# 43799,999,766: Samba vulnerability issue) from 2016.

Here is the old PMR suggestion:

I have just checked the Samba vulnerability issue as follows.

  1. CVE-2015-5370 https://www.samba.org/samba/security/CVE-2015-5370.html

Subject: Multiple errors in DCE-RPC code.

  2. CVE-2016-2118 (a.k.a. BADLOCK) https://www.samba.org/samba/security/CVE-2016-2118.html

Subject: SAMR and LSA man in the middle attacks possible.

How to fix:

To fix both CVEs, Samba 4.4.2, 4.3.8 and 4.2.11 have been issued as security releases to correct the defect.

  4. If you navigate to the AIX Toolbox for Open Source Software website:

https://www.ibm.com/support/pages/aix-toolbox-open-source-software-downloads-alpha

Samba version 4.14.12 (7.1) is available there as RPM/SRPM packages to download.

  5. Conclusion.

Please consider upgrading Samba to version 4.14.12, available as RPM/SRPM packages on the IBM website.
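As an added example (not part of the post and not IBM's or Samba's code), a branch-aware check of whether a reported Samba version carries the CVE-2016-2118 fix, using the security-release numbers the post lists (4.2.11, 4.3.8, 4.4.2): each is the first fixed release of its own branch, so 4.2.10 stays unpatched while 4.14.12 is fine. The sample version strings are constructed, and treating branches older than 4.2 as unpatched is an assumption, since the post names no fixed release for them.

```python
"""Branch-aware check for the CVE-2016-2118 (Badlock) fix in Samba."""
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# First fixed release per branch, as named in the post (security releases).
BADLOCK_FIXED = {(4, 2): (4, 2, 11), (4, 3): (4, 3, 8), (4, 4): (4, 4, 2)}


def parse_samba_version(text: str) -> Optional[Version]:
    """Pull x.y.z out of strings like 'Version 4.14.12' or 'samba-4.14.12-7.1'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def is_badlock_fixed(version: Version) -> bool:
    """True when the version is at or past its branch's first fixed release."""
    branch = (version[0], version[1])
    if branch in BADLOCK_FIXED:
        return version >= BADLOCK_FIXED[branch]
    # Branches newer than 4.4 already contain the fix; anything older than 4.2
    # has no fixed release listed in the post and is treated as unpatched
    # (assumption).
    return branch > max(BADLOCK_FIXED)


def assess(version_line: str) -> str:
    """One-line verdict for a version string such as `rpm -q samba` output."""
    v = parse_samba_version(version_line)
    if v is None:
        return "unknown: no version found in %r" % version_line
    state = "fixed" if is_badlock_fixed(v) else "UNPATCHED"
    return "samba %d.%d.%d: CVE-2016-2118 %s" % (v + (state,))


# Constructed sample lines modelled on `rpm -q samba` / `smbd --version` output.
SAMPLES = [
    "samba-4.14.12-7.1.ppc",  # AIX Toolbox package version named in the post
    "Version 4.2.10",
    "Version 4.3.8",
    "Version 4.4.1",
    "samba-3.6.24-1",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line))
```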