Is Access Manager vulnerable to badlock samba bug?

  • 7017492
  • 12-Apr-2016
  • 12-Apr-2016

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1

Situation

A Samba vulnerability called Badlock has been reported at http://badlock.org/. A typical Access Manager or Access Gateway appliance has the following Samba packages installed, which are from the 2.x or 3.x line.

namiso:~ # rpm -qa | grep samba
samba-client-32bit-3.6.3-0.39.1
yast2-samba-client-2.17.27-0.7.29
yast2-samba-server-2.17.15-0.7.79
samba-winbind-32bit-3.6.3-0.39.1
samba-client-3.6.3-0.39.1
samba-winbind-3.6.3-0.39.1
samba-3.6.3-0.39.1


Although the reported vulnerability appears to be on the 4.x line, is NAM susceptible to this issue?

 

Resolution

The version NAM includes is likely to be susceptible to the vulnerability, but the NAM appliance does not need these packages.

An administrator can remove the above packages with the rpm -e command. The following message was displayed during removal of these packages (such as the winbind, samba and samba-client packages):

warning “insserv: script tcpserver is broken: incomplete LSB comment.”

This has no impact on NAM functionality and can be ignored.
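
A dry-run-first way to script the check and removal described above, as an added example that is not NetIQ's code. The names RPM, APPLY, samba_pkgs and remove_samba are hypothetical, and selecting every package whose name contains "samba" is an assumption taken from the grep shown in the Situation section.

```shell
#!/bin/sh
# Added example, not vendor code. RPM, APPLY, samba_pkgs and remove_samba
# are hypothetical names chosen for this sketch.
RPM=${RPM:-rpm}   # overridable so the logic can be exercised without rpm

# Filter "rpm -qa" output on stdin down to Samba packages, as the
# article's "rpm -qa | grep samba" does.
samba_pkgs() {
    grep 'samba' | sort -u
}

# Dry run unless APPLY=1. Returns 0 on success, 1 if removal is blocked
# or packages remain afterwards.
remove_samba() {
    pkgs=$($RPM -qa | samba_pkgs)
    if [ -z "$pkgs" ]; then
        echo "no Samba packages installed"
        return 0
    fi
    echo "Samba packages installed:"
    printf '%s\n' "$pkgs" | sed 's/^/  /'

    # "rpm -e --test" checks dependencies without erasing anything.
    # $pkgs is intentionally unquoted: one argument per package.
    if ! $RPM -e --test $pkgs; then
        echo "dependency check failed; nothing removed" >&2
        return 1
    fi
    if [ "${APPLY:-0}" != 1 ]; then
        echo "dry run only; set APPLY=1 to remove"
        return 0
    fi

    # The insserv "script tcpserver is broken" warning may appear here;
    # the article states it has no impact on NAM.
    $RPM -e $pkgs || return 1

    left=$($RPM -qa | samba_pkgs)
    if [ -n "$left" ]; then
        echo "still installed:" >&2
        printf '%s\n' "$left" >&2
        return 1
    fi
    echo "Samba packages removed"
}

# Run only when invoked as: sh script.sh --run
if [ "${1:-}" = "--run" ]; then remove_samba; fi
```

If the dependency check fails, rpm names the packages that still require Samba, and nothing is erased.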

Additional Information

The 4.3 installation will remove these packages by default.