sfx2000
Part of the Furniture
Probably too soon for the factory firmware builds (QA driven), but anything on the RMerlin releases?
http://badlock.org
http://badlock.org
- FIXED: Backported security fixes from OpenWRT to Samba 3.6.25,
addressing the following:
CVE-2015-5252, CVE-2015-5370, CVE-2015-5296,
CVE-2015-5299, CVE-2015-7560, CVE-2016-2110,
CVE-2016-2111, CVE-2016-2112, CVE-2016-2115,
CVE-2016-2118.
Actually, looks like this is old news. It's already patched in 380.59 beta (see the last CVE).
Code:- FIXED: Backported security fixes from OpenWRT to Samba 3.6.25, addressing the following: CVE-2015-5252, CVE-2015-5370, CVE-2015-5296, CVE-2015-5299, CVE-2015-7560, CVE-2016-2110, CVE-2016-2111, CVE-2016-2112, CVE-2016-2115, CVE-2016-2118.
RMerlin, was this the work of Asus or yourself?
(I'm assuming Asus).
Stock ASUSWRT aren't vulnerable (judging from the CVE's) because they use an older Samba (3.0.x ?)
Pretty sure they didn't bother checking if versions older than 3.6 were vulnerable, since they are supposed to have been EOL'ed years ago...
Unfortunately, until the Samba devs decide to do something about Samba being far too fat to fit in embedded devices, manufacturers will keep using such old versions. I read some discussion from this spring involving Samba developers, and their stance seems to pretty much be "if someone does something to reduce Samba's size, we'll merge it", meaning they won't do anything themselves. Just merging a standardized way of generating a multicall binary would already greatly help with Samba's flash footprint.
Another issue apparently is Samba's build system, which doesn't play nice (especially in newer 4.x versions) with cross compiling.
I faintly recall reading Samba prefers forking processes to threads. Can't remember if true and for what reasons. BTW, Apple implements its own SMB daemon in recent versions of MacOS. Ditched Samba. Their own AFP is on the path to deprecation too.
BTW, Apple implements its own SMB daemon in recent versions of MacOS. Ditched Samba. Their own AFP is on the path to deprecation too.
Home router manufacturers are passively killing Samba feature maybe. Most of them have NAS ready to pick up customers..
Welcome To SNBForums
SNBForums is a community for anyone who wants to learn about or discuss the latest in wireless routers, network storage and the ins and outs of building and maintaining a small network.
If you'd like to post a question, simply register and have at it!
While you're at it, please check out SmallNetBuilder for product reviews and our famous Router Charts, Ranker and plenty more!