Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally) InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally)

Published: 2019-07-10
Last Updated: 2019-07-10 13:50:14 UTC
by Rob VandenBrink (Version: 1)
0 comment(s)

Samba 4.11 (preview release) came out 2 days ago (4.11p0).  Not huge news you say, except for one detail - the default settings on this version now have SMBv1 disabled.  Better yet, they've started to set the stage for removing it completely.

Yes, 2 years after WannaCry, Petya, NotPetya Eternal-everything and all the rest, they've come around and joined the party.  Mind you, this does not change any settings on existing installations, fixing those is still a manual change.  

Hopefully you've used tools like NMAP (nmap -p445 --open <your subnet here> --script smb-protocols.nse) to find and fix any hosts that still support SMBv1, which hopefully includes and *nix/SAMBA hosts in your environment.  I'm also hoping that you've scanned any "storage appliances", which mostly are Linux + SAMBA + iSCSI under the covers.  If you haven't done these scans and remediations, you've likely had a some bad days over the last 2 years.

If you require SMBv1 support in Samba, the team requests that you let them know via a bug report.  This gives them the feedback they need to work on scheduling the deprecation and final removal process for the protocol.

Anyway, good news from the Samba project, and better days ahead!

Full release notes are here: https://github.com/samba-team/samba/blob/59cca4c5d699be80b4ed22b40d8914787415c507/WHATSNEW.txt

===============
Rob VandenBrink
Coherent Security

Keywords: SAMBA SMBv1
0 comment(s)
Diary Archives