First, it was Microsoft, and now, its Samba’s turn to be in the news for a bug that could pose a major threat to users. However, Samba users do not have to worry, as the file-sharing bug has already been fixed. The patch for the vulnerability impacting Samba was issued on Wednesday.
How the bug could have affected Samba users
Samba, the popular open-source SMB server software for UNIX systems, has been open to a remote code execution vulnerability for the last seven years. It enables an attacker to upload and execute code on the device, according to an advisory released recently.
The flaw, which was tracked as CVE-2017-7494, could have affected all versions of Samba from 3.5.0 (released March 1, 2010) onward, and it resulted in remote takeover of the affected systems, notes BleepingComputer. According to experts, the more concerning thing about the flaw is that the vulnerability could be exploited with just one line of code.
HD Moore, VP of Research & Development at Atredis Partners, notes that the flaw could be exploited by using a Metasploit module which is currently under development. This means that the CVE-2017-7494 attacks can be scripted and added to automated scanners.
Rapid7, a cyber-security company, says, “If there is a vulnerable version of Samba running on a device, and a malicious actor has access to upload files to that machine, exploitation is trivial.”
The cyber-security firm found more than 104,000 Internet-exposed machines which appear to be running vulnerable versions of Samba software. Some of these versions are major Linux distros, like Red Hat, where the popular service is installed as a default and starts during the boot-up process, notes BleepingComputer.
Some users still vulnerable
Samba is a popular open-source SMB service which provides Windows-based file and print services through CIFS and SMB protocols. It enables interoperability between Microsoft Windows and UNIX and Linux systems, notes ThreatPost. In addition, Samba enables FreeBSD, Mac and Linux users to set up and access shared folders on Windows PCs.
Even though the fix has been released, there is bad news for users. Some may be using the software without even knowing that they’re vulnerable. In such a case, there may be no way to patch it. If a user has a NAS (network-attached storage) device holding documents archives, their accounts payable, or just some photos, then there are chances that they are running Samba, notes CNET.
For users who cannot update their systems due to hardware limitations or various incompatibilities, the Samba Team recommends a workaround. These users should add the “nt pipe support = no” parameter to the smb.conf file and restart the smbd daemon.
Rapid7 notes that there are no signs that the vulnerability has been exploited, but researchers believe that the proof-of-concept exploit code is available publicly. The vulnerability was first discovered by a researcher identified as “steelo” while the patch for it was developed by the Samba Team and Volker Lendecke of SerNet.
