PDA

View Full Version : Samba Security on SLES 9



bsalamon
05-Jun-2013, 22:55
I am supporting SLES 9 from an Audit & Compliance perspective. The Samba release in use (3.0.26a-0.19) is not documented as being applicable for SLES 9 on the Novell CVE site. (http://support.novell.com/security/cve/CVE-2010-1635.html).
However, if I reference mitre.org or cve details sites, Samba releases of 3.0.26a are vulnerable to this issue. Does Novell simply not document such things in all cases for unsupported releases of the OS? I know this isn't always the case but in this instance I am unable to state or provide any evidence to Data Security whether or not this issue resulting from an internal scan can be closed. Anyone with idea's on the subject?

malcolmlewis
05-Jun-2013, 23:30
On Wed 05 Jun 2013 10:04:03 PM CDT, bsalamon wrote:


I am supporting SLES 9 from an Audit & Compliance perspective. The Samba
release in use (3.0.26a-0.19) is not documented as being applicable for
SLES 9 on the Novell CVE site.
(http://support.novell.com/security/cve/CVE-2010-1635.html).
However, if I reference mitre.org or cve details sites, Samba releases
of 3.0.26a are vulnerable to this issue. Does Novell simply not document
such things in all cases for unsupported releases of the OS? I know this
isn't always the case but in this instance I am unable to state or
provide any evidence to Data Security whether or not this issue
resulting from an internal scan can be closed. Anyone with idea's on the
subject?




Hi
Have you looked at the changelog eiter via YaST sotware management or
via the rpm command from the command line.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 12.3 (x86_64) Kernel 3.7.10-1.11-desktop
up 2 days 0:37, 3 users, load average: 0.20, 0.10, 0.06
CPU AMD Athlon(tm) II P360@2.30GHz | GPU Mobility Radeon HD 4200