A widespread Samba vulnerability has raised the possibility of attacks similar to WannaCry hitting Linux and Unix systems, but mitigation options are available.
Researchers warn that many Linux and Unix systems contain a Samba vulnerability that could eventually lead to attacks similar to WannaCry or worse, if IT pros don’t remediate quickly.
According to the Samba security advisory, the vulnerability (CVE-2017-7494) affects versions 3.5 (released March 1, 2010) and newer. The Samba vulnerability is remotely exploitable and could allow “a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.”
Nick Bilogorskiy, senior director of threat operations at Cyphort, said although there are no active exploits in the wild, the damage from this Samba vulnerability could be steep.
Research from Rapid7 Labs said attacks on this Samba vulnerability could come over the same port 445 used to access SMB on Windows machines, but port 139 could also expose endpoints to attack. Rapid7 suggested “organizations should review their firewall rules to ensure that SMB/Samba network traffic is not allowed directly from the internet to their assets.”
A patch has been released, and the Samba advisory also noted a workaround for those who can’t patch right away. Samba said adding the parameter “nt pipe support = no” to the global section of the Samba configuration file will mitigate the threat, but could have the added consequence of disabling “some expected functionality for Windows clients.”
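One way to verify the workaround on a host, as an added example that is not from the Samba advisory or this article: the Python sketch below parses smb.conf text, confirms that "nt pipe support = no" is set in the global section (a copy placed under a share does not count), and lists the writable shares the advisory names as the precondition. The function names and the sample configuration are constructed for illustration, and include directives are not followed.

```python
import re
TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}
# Share-writability synonyms (names normalised); True marks the inverted form.
WRITE_KEYS = {"writable": False, "writeable": False, "writeok": False, "readonly": True}

def parse_smb_conf(text):
    """Return {section: {param: value}} with normalised section and parameter names."""
    sections, current = {}, None
    text = re.sub(r"\\\r?\n", "", text)           # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":           # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            current["".join(key.split()).lower()] = value.strip()
    return sections

def is_writable(params, default=False):
    writable = default
    for key, value in params.items():
        if key in WRITE_KEYS and value.lower() in TRUE | FALSE:
            writable = (value.lower() in TRUE) != WRITE_KEYS[key]
    return writable

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # The workaround only counts when set in [global]; the default is "yes".
    applied = glob.get("ntpipesupport", "yes").lower() in FALSE
    share_default = is_writable(glob)
    shares = sorted(name for name, params in conf.items()
                    if name != "global" and is_writable(params, share_default))
    return {"workaround_applied": applied, "writable_shares": shares}

# Constructed sample configuration, not taken from a real host.
SAMPLE = """
[global]
   NT Pipe Support = No
[public]
   read only = no
[docs]
   ; writable = yes
[scratch]
   writeable = yes
"""
```

Calling audit() on the contents of a host's Samba configuration file returns the same dictionary; a result with "workaround_applied" false and a non-empty "writable_shares" list marks a host to patch or mitigate first.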
Submitted by: Arnfried Walbrecht