Security Experts:

Connect with us

Hi, what are you looking for?


Network Security

Vendors Investigating Impact of Samba Vulnerability

Companies that provide network-attached storage (NAS) appliances, routers and other types of networking devices have started investigating the impact of a recently disclosed Samba vulnerability on their products.

Companies that provide network-attached storage (NAS) appliances, routers and other types of networking devices have started investigating the impact of a recently disclosed Samba vulnerability on their products.

Updates released last week for Samba, the software suite that provides file and print sharing capabilities between Windows and Unix computers, address a remote code execution flaw (CVE-2017-7494) that affects all versions of the product since 3.5.0, released in March 2010. The fix is included in Samba versions 4.6.4, 4.5.10 and 4.4.14, and a workaround has been made available for unsupported versions.

The security hole can be exploited by a malicious client to upload a shared library to a writable share, and then cause the server to load and execute that library.

While some have compared the vulnerability to the SMB weakness exploited in the recent WannaCry ransomware attacks – due to the fact that one of the protocols implemented by Samba is SMB – others believe CVE-2017-7494 is not as dangerous and there have been no reports of attacks in the wild.

On the other hand, proof-of-concept (PoC) exploits have been released and Rapid7 has identified roughly 110,000 Internet-connected devices running vulnerable versions of Samba.

Samba is used in many products, including routers, NAS systems, servers and IoT devices, and several vendors have already started releasing patches and workarounds.

Cisco has so far only identified two vulnerable products: the Cisco Network Analysis Module and the Cisco Video Surveillance Media Server. The list of products still under investigation includes routers, network and content security, unified computing, communications, and video and telepresence solutions.

NETGEAR informed customers that CVE-2017-7494 affects all its ReadyNAS, all ReadyDATA, and several C, R and N series routers. The company has already released firmware fixes for ReadyNAS 6.x. Until patches become available for other devices, users have been advised to disable write access to shared drives, and remove any USB storage devices connected to their routers or gateways.

QNAP and Synology have also started releasing patches for their affected products, but WD does not appear to have published any security advisories, despite several forum posts on this topic.

Veritas has informed customers that it’s working on patches for its NetBackup Appliances. NetApp has determined that the Samba vulnerability only affects its StorageGRID products, for which the company has released workarounds.

Sophos and F5 Networks told users that their products are not vulnerable to attacks exploiting this flaw.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.