What is the meaning of the following message: Samba SMB1 Packets Chaining Memory Corruption Vulnerability. How do I disable this function?
Are you seeing this message in the Turbonomic appliance.? I have also found some information about that error you mentioned in this link. Vulnerability Database and Intelligence: Skybox Vulnerability Center
Please keep me posted. If the problem manifests in Turbonomic, I can get you in touch with our support team.
Good afternoon. I’m surprised, but happy. This message was generated on one of our security systems that watches traffic flow, and additionally whether that flow of data contains something that’s suspicious. It has generated this message when monitoring some of our servers. Specifically, the administrator for the security server that’s monitoring traffic noticed the message that I mentioned, in the log of the monitoring device. The attitude here is that the SMB function should not be monitored, and whatever the component is that looks, should be turned off. Do you have reservations about it being disabled? And what is the procedure for inactivating it?
Thank you for the help. I will look at the link that you included.
SMB is a Microsoft protocol primarily used to access disks remotely, though I believe it's also used to access some remote printers and possibly for other purposes.
As configured by default, an Ops Manager VM does not open an SMB listening port, nor does it connect to an SMB services. It can't even easily be enables: While software that "speaks" SMB is certainly available for Linux, we don't install it in the VM's we ship.
It's certainly possible that there's some specialized function we perform, e.g., in application monitoring, that use SMB. But I suspect that this is either a complete false alarm, or a mis-attribution.
If you need us to investigate this further, please open a ticket with Turbonomic Support.
Good morning, and thank you for the response. I really hadn’t done much exploration with the internals of Turbonomics except when necessary, and consequently I feel comfortable with the explanation that you provided about the product as it comes out of the box. You mentioned a couple possibilities for why this happened, and as it turned out, there appears to be a known problem which involves an update to Samba.
I need to investigate further to see how and what the approach will be here at out shop.
Thank you for your time and help.
Good morning. I’m not sure if you and I are interacting because of Green Circle or because of a ticket. But whatever the method, I need some clarity. I have a portion of a log and I’m confused about how to interpret the information. And unless I can get an understanding that makes sense, I’m at a loss for how to trouble-shoot and repair. I’m sending a cut of the log with the hope that you can shed some light. I’m hoping that you will be able to share with me, your understanding of what it means.
If you have the time, and the desire, could we discuss this at 1300 (PST) or later. I’m trying to get another matter cleared up.
Please open a ticket. The Turbonomic support team - Praveen is a member; I'm not sure why you added his name here - are set up to examine the system and gather the necessary data. They also regularly do calls with customers.
We can certainly discuss the findings here, but let's let the support guys do what they do best. If they need additional consulting from Engineering, they know how to get it - their not far from where I'm sitting! :-)
Retrieving data ...