Shades of #WannaCry as Urgent Patch Issued for SMB Software Samba

Written by

Security experts are urging users to patch a seven-year-old bug in open source SMB implementation Samba or potentially risk a WannaCry-style malware outbreak.

CVE-2017-7494 affects all versions of Samba from 3.5.0 onwards and can apparently be exploited with just one line of code if certain conditions are met, such having port 445 open.

The advisory noted:

“All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.”

As a result, even non-technical hackers could pretty easily upload any kind of malicious code they like.

The big concern is that, like WannaCry, which also targeted an SMB bug, this vulnerability could be exploited to spread worm-like across the internet, with home NAS devices at risk as well as corporate implementations.

The one saving grace is that Samba isn’t as popular as the Windows versions targeted by WannaCry.

Rapid7 chief data scientist, Bob Rudis, claimed the firm discovered over 104,000 endpoints running vulnerable Samba versions.

“We believe these vulnerable systems are likely conduits into organization networks; but it’s also likely that many of these devices are personal, IoT devices. Many home and corporate network storage systems also run Samba, and it's very straightforward to enable the Samba service on any Linux endpoint,” he explained.

“Organizations should be reviewing their official asset and configuration management systems to immediately identify vulnerable systems and then perform comprehensive and regular full network vulnerability scans to identify misconfigured or rogue systems. Many NAS environments are used as network backup systems; a direct attack or worm would render those backups almost useless. We advise that organizations create an offline copy of critical data as soon as possible if patching cannot be done immediately.”

What’s hot on Infosecurity Magazine?