On 26/12/12 15:18, Novosielski, Ryan wrote:
RHEL 3 I believe reached end of support (by RedHat, not Samba) in
2010. I believe RHEL 4 has since reached end of support as well. So
unless the client is paying for RedHat extended life-cycle service or
is off the network (unlikely he wants to interface with Samba), he
should be off of that platform ASAP because he's no longer receiving
any security patches.


It's worse than that. If I am not mistaken his RHEL3 box has a remote root vulnerability courtesy of the Samba PIDL security hole from April last year. Even the extended life-cycle service won't help because it has a restricted list of services you can run which does not include Samba.

If there is genuinely an Oracle application that cannot be run in anything later than RHEL3, then it needs to be run in a VM of some description running nothing else apart from this and firewalled as tightly as possible.

Anything else, including the Samba stuff, should be running in separate VMs or on different hardware. Running either RHEL4 or RHEL3 based distributions for services other than what is absolutely necessary is crazy stupid; and IMHO a sacking offence.


JAB.

--
Jonathan A. Buzzard                 Email: jonathan (at) buzzard.me.uk
Fife, United Kingdom.