Samba Project tells us "What's New" - SMBv1 Disabled by Default (finally)

Samba 4.11 (preview release) came out 2 days ago (4.11p0).  Not huge news you say, except for one detail - the default settings on this version now have SMBv1 disabled.  Better yet, they've started to set the stage for removing it completely.

Yes, 2 years after WannaCry, Petya, NotPetya, Eternal-everything and all the rest, they've come around and joined the party.  Mind you, this does not change any settings on existing installations; fixing those is still a manual change.

Hopefully you've used tools like NMAP (nmap -p445 --open <your subnet here> --script smb-protocols.nse) to find and fix any hosts that still support SMBv1, which hopefully includes any *nix/SAMBA hosts in your environment.  I'm also hoping that you've scanned any "storage appliances", which mostly are Linux + SAMBA + iSCSI under the covers.  If you haven't done these scans and remediations, you've likely had some bad days over the last 2 years.
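To turn that scan into a remediation list, the saved nmap output can be reduced to the hosts that still offer SMBv1. The following is an added example, not part of the original diary; the function names and the sample output are constructed for illustration, and it assumes nmap's normal (-oN style) text output.

```python
# Constructed sample of `nmap -p445 --open --script smb-protocols.nse` output
# (documentation addresses, not real scan results). The second host uses the
# colon-separated dialect notation that some nmap versions print.
SAMPLE = """\
Nmap scan report for nas01.example.test (192.0.2.10)
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.02
|_    2.10

Nmap scan report for 192.0.2.20
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-protocols:
|   dialects:
|     2:0:2
|     3:0:0
|_    3:1:1
"""

def parse_smb_protocols(text):
    """Map each scanned host to the SMB dialects nmap listed for it."""
    hosts, current, in_block = {}, None, False
    for line in text.splitlines():
        if line.startswith("Nmap scan report for "):
            current, in_block = line[len("Nmap scan report for "):].strip(), False
            hosts[current] = []          # stays empty if the script gave no result
        elif line.startswith("| smb-protocols:"):
            in_block = current is not None
        elif in_block:
            entry = line[2:].strip() if line.startswith("|") else ""
            if entry and not entry.endswith(":"):   # skip the "dialects:" header
                hosts[current].append(entry)
            if not line.startswith("| "):           # "|_" or a non-script line ends it
                in_block = False
    return hosts

def smbv1_hosts(text):
    """Hosts whose dialect list still contains the SMBv1 entry (NT LM 0.12)."""
    return sorted(h for h, d in parse_smb_protocols(text).items()
                  if any("SMBv1" in e or e.startswith("NT LM 0.12") for e in d))

if __name__ == "__main__":
    print("\n".join(smbv1_hosts(SAMPLE)))
```

Hosts that come back with an empty dialect list answered on 445 but gave the script nothing to report, so they are worth a manual check rather than being treated as clean.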

If you require SMBv1 support in Samba, the team requests that you let them know via a bug report.  This gives them the feedback they need to work on scheduling the deprecation and final removal process for the protocol.

Anyway, good news from the Samba project, and better days ahead!

Full release notes are here:

Rob VandenBrink
Coherent Security

Jul 10th 2019