Web lists-archives.com

Re: [Samba] Require help on removing SAMBA




Hi Team,

sun1333 $ svcs -a | grep samba                     
disabled       Apr_08   svc:/network/samba:default

I see SAMBA is already disabled with the above information but when vulnerability scan is done on our server we are reported with below vulnerabilities from SAMBA 3.0.24

Samba receive_smb_raw() Remote Code Execution Vulnerability
Samba MS-RPC Request Parsing Heap Buffer Overflows
Samba Remote Command Injection Vulnerability  

we don’t want to apply patch as we are not using it . I am also searching google for more help to remove it . Thanks for your inputs. 

-----Original Message-----
From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of Reindl Harald via samba
Sent: 11 April 2017 03:57 PM
To: samba@xxxxxxxxxxxxxxx
Subject: Re: [Samba] Require help on removing SAMBA

stay on list!

Am 11.04.2017 um 12:08 schrieb M, Suganthi:
> Thanks for your reply . I am not able to find people who installed it 
> because it was done around
> 10 years back but I am requested to remove it from our SOLARIS10 server now .  
> I am able to see samba in /etc/samba  which has private folder and conf file. 
> Please let me know if you can help with executable commands with steps for removing SAMBA.

i typed in google "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tek-2Dtips.com_viewthread.cfm-3Fqid-3D471016&d=DwICaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=x2M0tR3EdRhNjaWgQZf1vcBsXdJ9DorFVGz7dY414mg&m=1bLDzswE6KWobjGDVIIbLt0ZW1bt7vXnRDl7fsgorpw&s=5KRtivQvjwpbCWQwzue73pLQMj6D9LpTsivT3Su17Hg&e= "
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.tek-2Dtips.com_viewthread.cfm-3Fqid-3D471016&d=DwICaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=x2M0tR3EdRhNjaWgQZf1vcBsXdJ9DorFVGz7dY414mg&m=1bLDzswE6KWobjGDVIIbLt0ZW1bt7vXnRDl7fsgorpw&s=5KRtivQvjwpbCWQwzue73pLQMj6D9LpTsivT3Su17Hg&e= 

as you have no idea how your machine is setup and there exists no documentation in your company you have 3 options:

* just disable the service and don't touch anything else
* setup a new machine with documentation
* just google around

this is *not* just a samba specific question

i would setup a new machine when obviously nobody has a clue about the software state and someone expects me to take over responisbility for a setup without documentation and a known state

> -----Original Message-----
> From: samba [mailto:samba-bounces@xxxxxxxxxxxxxxx] On Behalf Of Reindl 
> Harald via samba
> Sent: 11 April 2017 03:27 PM
> To: samba@xxxxxxxxxxxxxxx
> Subject: Re: [Samba] Require help on removing SAMBA
> 
> Am 11.04.2017 um 11:34 schrieb M, Suganthi via samba:
>> Can you please guide us to remove SAMBA 3.0.24 completely from our 
>> SOLARIS Server as we don't require it anymore?
> 
> nobody knows how you installed it and so even nobody knows locations 
> of data which on many package driven systems are below /etc/samba and 
> /var/lib/samba
> 
> anyways, that's more a operating system related question


--
To unsubscribe from this list go to the following URL and read the
instructions:  https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.samba.org_mailman_options_samba&d=DwICaQ&c=gJN2jf8AyP5Q6Np0yWY19w&r=x2M0tR3EdRhNjaWgQZf1vcBsXdJ9DorFVGz7dY414mg&m=1bLDzswE6KWobjGDVIIbLt0ZW1bt7vXnRDl7fsgorpw&s=PfsvCAZ0eHOG9NBkhx0sWt7PSeSz76msXGrq-gaSpZs&e= 
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba