
Samba vulnerability calls to mind WannaCry fears to Linux/ UNIX


Researchers have released a warning that many Linux and UNIX systems contain a Samba vulnerability that could eventually lead to attacks similar to WannaCry or worse.

According to the Samba security advisory, the vulnerability (CVE-2017-7494) affects version 3.5 and newer versions. The vulnerability is remotely exploitable and could allow a malicious client to upload a shared library to a share and cause the server to load and execute it.

Nick Bilogorskiy, senior director of threat operations at Cyphort, said that although there were no active exploits for the Samba flaw, the consequences could be severe. "Because this vulnerability allows remote code execution, attackers will have full control over a compromised machine, and any payload is possible," Bilogorskiy told SearchSecurity. "For example, [an attacker could] drop a backdoor, steal data from the system, spy on the user, attack other systems or try to encrypt all data for a ransom."

Lane Thames, senior security researcher at Tripwire, said that enterprises should act fast to patch this vulnerability and ensure that no unnecessary Samba services are exposed to the internet.

Remediation guidance has been issued to users. Rapid7 Labs suggested that organizations review their firewall rules to ensure that Samba network traffic is not allowed directly from the internet to their assets. Samba has also released a patch for the vulnerability, and advised that adding the parameter "nt pipe support = no" to the global section of the Samba configuration file may mitigate the threat.

Thames further added, "Enterprise server vendors are moving fast to push out patches to enterprise customers for this Samba vulnerability. However, [network-attached storage] vendors might not move so quickly on this and in some cases they might not even issue patches for this."

What WannaCry and the Samba vulnerability have in common is that both issues affect the same protocol. Bilogorskiy warned Linux users that a Samba worm may hit Linux and UNIX servers, most of which do not have auto-update enabled. In fact, some of these UNIX systems run for years without any maintenance. Also, unlike workstations, most of them are always on; users never power them off. The more vulnerable Samba servers are directly connected to the internet, the more unpatched targets are online for a worm to infect.

Tags:
eli
Author: 


Frequently asked questions ( 5 )

Q

How do I limit the number of concurrent connections?

A

Samba is able to limit the number of concurrent connections when smbd is launched as a daemon (not from inetd). The 'max smbd processes' smb.conf option allows administrators to define the maximum number of smbd processes running at any given point in time. Any further attempts from clients to connect to the server will be rejected.

Q

How do I use interface protection in Samba?

A

By default Samba will accept connections on any network interface that it finds on your system. That means if you have an ISDN line or a PPP connection to the Internet, then Samba will accept connections on those links. This may not be what you want.

You can change this behavior using options like the following:

interfaces = eth* lo
bind interfaces only = yes

This tells Samba to listen for connections only on interfaces with a name starting with 'eth', such as eth0 and eth1, plus the loopback interface called 'lo'. The name you will need to use depends on what OS you are using. In the above I used the common name for Ethernet adapters on Linux.
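As an added example (not part of the original page and not Samba project code), the Python script below audits the [global] section of an smb.conf for the settings this page mentions: nt pipe support, interfaces / bind interfaces only, and max smbd processes. The sample configuration and all function names are constructed for illustration; a missing parameter is treated as Samba's documented default.

```python
import re

# Constructed sample smb.conf for illustration only (not from the page).
SAMPLE_CONF = """\
[global]
    workgroup = WORKGROUP
    ; nt pipe support = no
    interfaces = eth* lo
    Bind Interfaces Only = Yes
[public]
    path = /srv/share
"""

def norm(name):
    # smb.conf parameter names ignore case and embedded whitespace.
    return re.sub(r"\s+", "", name).lower()

def is_true(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def parse_global(text):
    """Return {normalized parameter name: value} for the [global] section."""
    params, section = {}, None
    text = re.sub(r"\\\r?\n", "", text)  # join backslash-continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # blank line or whole-line comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params[norm(name)] = value.strip()
    return params

def audit(text):
    """List the hardening settings from this page that are not in effect."""
    g, findings = parse_global(text), []
    # Default is 'nt pipe support = yes', so a missing line means enabled.
    if is_true(g.get("ntpipesupport", "yes")):
        findings.append("nt pipe support enabled; set 'nt pipe support = no'")
    if not is_true(g.get("bindinterfacesonly", "no")):
        findings.append("'bind interfaces only = yes' is not set")
    elif "interfaces" not in g:
        findings.append("'bind interfaces only = yes' without 'interfaces'")
    if g.get("maxsmbdprocesses", "0") == "0":
        findings.append("max smbd processes is unlimited (0)")
    return findings

for finding in audit(SAMPLE_CONF):
    print("FINDING:", finding)
```

In the sample, the commented-out mitigation line is ignored exactly as smbd would ignore it, so the audit still reports nt pipe support as enabled.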

Q

What about upgrading Samba?

A

Of course the best solution is to upgrade Samba to a version where the bug has been fixed. If you wish to also use one of the additional measures above then that would certainly be a good idea.

Please check samba.org (https://www.samba.org/) regularly for updates and important announcements.

Q

Why protect an unpatched Samba server?

A

The following instructions will help give your Samba server some protection against security vulnerabilities if you are unable to (or until you are able to) upgrade to the patched version. Even if you do upgrade, you might like to think about the suggestions here to provide additional levels of protection.

Q

How can these and other container exploits of Samba be prevented?

A

For continuous detection and prevention, most importantly, a distributed container firewall like NeuVector should be in place to detect these critical vulnerabilities and real-time exploits. By default, port 445, which is used in this exploit, should not be open to the public. Even for internal east-west traffic, NeuVector will block unnecessary network access and these attacks will be detected, alerted and blocked at every step in the kill chain.
