Samba Vulnerability CVE-2015-0240
Dell, can we have an answer on this please? - wafflesmcduff 9 years ago
Answers (1)
Dell's Response:
Source https://support.software.dell.com/kb/149435
Resolution
The K1000 and K2000 are susceptible to the Samba vulnerability outlined in CVE-2015-0240. The K3000 is not vulnerable as it does not include a Samba server.
K1000 Mitigation
Samba may be disabled on the K1000. Samba is often used as a method of offering access to the K1000 agent installation. However, such access may be made available using alternative locations and technologies to avoid a need for Samba access to the K1000.
On the K1000, the Samba share is primarily used for agent deployment when the built-in provisioning capability is used. Other uses include:
- Access to the agent bundles for various platforms that have been uploaded to the K1000 via a kbin. A user will download these when they wish to deploy the agent in another way (e.g. load the Windows MSI into a GPO script for deployment using that method).
- Upload of large software installers. The Admin UI allows a file up to 2GB in size to be uploaded to set up a software installation (kscript, managed installation, software installer on the user portal). If a software installer is larger than that, the K1000 uses the Samba share with the correct password specified by the user to upload the file to the K1000.
- Transfer of K1 resources. This feature is used to download/upload '.kpkg' configuration files to move configured objects from one K1000 to another. For most users, .kpkg files are provided by Dell KACE Technical Support and/or training Koaches to assist in configuring more complex objects. Transferable objects consist of managed installs, notifications, Service Desk processes, ticket rules and queues, reports, scripts, smart labels, and custom software inventory.
Since all of these activities described above (including agent provisioning) are typically short-term or one-time uses, we recommend that all customers keep the Samba share off except when engaged in one of the activities listed above. To turn off the Samba share, authenticate to the 'admin' UI (or the 'system' UI if the K1000 is configured for multiple organizations) on the K1000 and navigate to the Control Panel page from the Settings menu on the left navigation bar. Select the Security Settings page. Scroll to the Samba settings and unselect 'Enable File Share' (or 'Enable Organization File Shares' on a multi-org K1000). NOTE: Changing this setting will cause the K1000 to reboot.
K2000 Mitigation
Samba may not be disabled on the K2000 without significant impact to functionality. However, as it is not recommended that the K2000 be Internet-facing, the risk of exploit is limited to those on your local network.
For security related recommendations related to the K2000, please visit http://www.kace.com/support/resources/kb/article/K2000-Appliance-Security-Recommended-Practices
This KB article will be updated with new information as it becomes available. Please check this article periodically for updates and links to forthcoming hotfixes.
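After disabling the file share (and waiting for the K1000 to finish its reboot), it is worth confirming from another host that the appliance no longer accepts SMB connections; the same probe, run from outside the perimeter, is a quick way to confirm a K2000 is not Internet-facing as the article recommends. The script below is an added example and is not Dell's code or part of the KB article. It checks the two ports Samba normally listens on (TCP 139 and 445) and includes an offline demo that stands up a throwaway local listener so both outcomes can be seen without an appliance; the hostname `k1000.example.internal` in the comments is a placeholder you would replace with your own appliance address.

```python
"""Verify whether an appliance still exposes SMB on TCP 139/445.

Added example for checking the Samba mitigation described above; it is not
Dell's code. The appliance hostname used in the comments is an assumption.
"""
import socket
from typing import Dict, Iterable, Tuple

# NetBIOS session service (139) and direct-hosted SMB (445): the ports a
# Samba server normally listens on.
SMB_PORTS = (139, 445)


def is_tcp_open(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    A completed handshake means something is listening; a refused or timed-out
    connection is reported as closed. This only shows whether a listener is
    present, not whether it is patched.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # connection refused, unreachable, or timed out
        return False


def check_smb_exposure(host: str, ports: Iterable[int] = SMB_PORTS,
                       timeout: float = 2.0) -> Dict[int, bool]:
    """Probe each SMB port on host; True means a listener accepted the connection."""
    return {port: is_tcp_open(host, port, timeout) for port in ports}


def samba_appears_disabled(results: Dict[int, bool]) -> bool:
    """The share counts as off only if none of the probed ports accepts a connection."""
    return not any(results.values())


def _local_listener() -> Tuple[socket.socket, int]:
    """Start a throwaway TCP listener on 127.0.0.1 as a stand-in for a Samba server."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free ephemeral port
    srv.listen(5)
    return srv, srv.getsockname()[1]


def demo() -> Tuple[bool, bool]:
    """Offline demonstration of both outcomes.

    Probes a live local listener (share still reachable), closes it, and probes
    the same port again (share gone). Returns the two samba_appears_disabled()
    verdicts in that order.
    """
    srv, port = _local_listener()
    try:
        while_up = samba_appears_disabled(
            check_smb_exposure("127.0.0.1", [port], timeout=1.0))
    finally:
        srv.close()
    after_close = samba_appears_disabled(
        check_smb_exposure("127.0.0.1", [port], timeout=1.0))
    return while_up, after_close


if __name__ == "__main__":
    print("offline demo (listener up, listener closed):", demo())  # (False, True)
    # Against a real appliance, substitute its address (placeholder, assumed):
    # results = check_smb_exposure("k1000.example.internal")
    # print(results, "Samba off" if samba_appears_disabled(results)
    #       else "Samba still reachable")
```

Run the probe from a machine on the same network segment as the appliance, and again from outside the firewall for a K2000. A closed port confirms the share is off; an open port does not tell you whether the Samba build is patched for CVE-2015-0240, so the check complements, rather than replaces, applying the hotfix the article says is forthcoming.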