Mitigation:
Any of the following:
1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit
2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.
3. Add the parameter:
nt pipe support = no
to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.
即係 sambacry 係 windows client 導致 ?
MrA d 邏輯真係世界級
唔識英文就查下字典 睇下mitigation點解啦