Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Samba Patches Code Execution Flaw Introduced in 2010

The developers of the Samba interoperability software suite announced on Wednesday the availability of security updates that patch a serious remote code execution vulnerability. Researchers have warned that there are many vulnerable systems accessible directly from the Internet.

The developers of the Samba interoperability software suite announced on Wednesday the availability of security updates that patch a serious remote code execution vulnerability. Researchers have warned that there are many vulnerable systems accessible directly from the Internet.

The flaw, tracked as CVE-2017-7494, affects all versions of Samba since 3.5.0, released in March 2010. The security hole has been addressed in versions 4.6.4, 4.5.10 and 4.4.14, and a workaround has been made available for unsupported versions.

According to Samba maintainers, the vulnerability allows a malicious client to upload a shared library to a writable share, and cause the server to load and execute that file.

The vulnerability exposes various types of systems to attacks, including Linux and network-attached storage (NAS) devices. Rapid7 has warned that many users may not even realize that their systems are running Samba.

Samba provides file and print sharing capabilities between Windows and Unix computers, and it implements many protocols, including SMB, which malicious actors leveraged in the recent WannaCry ransomware attacks. This has led some experts to believe that CVE-2017-7494 could also be exploited for similar worm attacks.

“Unlike SMB, Samba exists on a wide variety of systems from different makers – servers, laptops, home routers, network storage systems, media servers, and many IoT devices. And unlike Windows, those devices may not automatically install an update – even if the manufacturer provides one,” researcher David Longenecker said in a blog post.

Exploiting the vulnerability is easy and proof-of-concept (PoC) code has already been made public, which could lead to in-the-wild attacks. HD Moore, VP of research and development at Atredis, has created a Metasploit module for CVE-2017-7494 and showed how the flaw can be exploited on Ubuntu and a Synology NAS product.

A scan conducted by Rapid7 with its Project Sonar showed more than 104,000 Internet-exposed endpoints running a vulnerable version of Samba, and nearly 90 percent of these systems had been running outdated versions of the software.

Individuals and organizations that still use older versions of Samba can prevent attacks by adding the parameter “nt pipe support = no” to the global section of their smb.conf file. RedHat also pointed out that the SELinux security module blocks potential exploits.

Related Reading: Microsoft, Samba Patch “Badlock” Vulnerability

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.