Return
-
Title
How to disable Samba services on a Virtual Appliance -
Description
Is there a way to disable Samba services on a VA if it's used only for replications and is not used for backup nor Linux FLR (File Level Restore)?
-
Cause
VA v1.3.0, v1.5.0, v1.8.0, and v1.9.0 contain the following Samba vulnerabilities:
- Outdated Samba:
CVE-2012-2111
CVE-2012-1182
CVE-2010-3069
CVE-2011-2522
CVE-2011-2694
CVE-2011-0719
- Remote User List Disclosure Using NetBIOS
CVE-2000-1200
- Null Session/Password NetBIOS Access
CVE-1999-0519
Even though the VAs shouldn't be accessible from outside of the company network, some customers may want to disable Samba on those Virtual Appliances that are not used for backup nor Linux FLR.
- Outdated Samba:
-
Resolution
Note: Samba is used during the backup process and Linux FLR process to connect to the CIFS repository. If you disable Samba, it may cause backup or FLR failures.
To disable Samba services, do the following:
- Login into the VA either via vSphere Client console or SSH client (PyTTY, for example).
- Delete the following files:
/etc/samba/smb.conf
/etc/rc.d/init.d/smbd
/etc/rc.d/rc3.d/S80smbd - Reboot the VA.
-
Defect ID
13809