SoylentNews is people

posted by on Saturday May 27 2017, @12:47PM
from the WannaCryToo dept.

An Anonymous Coward writes:

Hackernews reports:

A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of affected Linux and Unix machines.

[...] The newly discovered remote code execution vulnerability (CVE-2017-7494) affects all versions newer than Samba 3.5.0 that was released on March 1, 2010.

"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba wrote in an advisory published Wednesday.

  • (Score: 2, Offtopic) by Runaway1956 on Saturday May 27 2017, @02:36PM (1 child)

    by Runaway1956 (2926) on Saturday May 27 2017, @02:36PM (#516422)

    "the share has to be writable"

    Forget the internet sharing - no one with half a mind shares their hard drive to the intertubes. No one with a quarter of a mind, FFS.

    But, I don't even make shares writable on my own private network. Everyone in the house has their own fricking hard drive. If they want to write stuff and save it, they can save it there. I'm the only person I trust to write on my hard drives. If my wife (who has the most valid claim to any of my property) wants to put a movie on the server, I navigate to her system shares, copy the movie in question, THEN I WRITE IT to my hard drives, from my own desktop. No one writes to my system, but me.

  • (Score: 3, Informative) by frojack on Saturday May 27 2017, @05:06PM

    by frojack (1554) on Saturday May 27 2017, @05:06PM (#516457)

    Add to your /etc/samba/smb.conf:

    nt pipe support = no

    Any hint of a problem is gone.

    This feature was mostly used by Windows machines to provide distribution of Windows printer drivers.

    But as we all know, just because you can deliver an executable file to a Samba server doesn't mean you can make it executable on that server. The biggest risk here is that it will allow the propagation of that executable to other Windows machines. But of course, who would attack a Samba server if there were Windows machines around to attack?

    --
    No, you are mistaken. I've always had this sig.
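
An added example, not part of the comment above or of the Samba project: a small audit of an `smb.conf` for the two conditions this page mentions, writable shares (from the advisory quote) and whether `nt pipe support = no` is set in `[global]`. The function names and the sample configuration are constructed for illustration, and the parser assumes a single file with no `include` directives or line continuations.

```python
import re

TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}
INVERTED = {"writable", "writeable", "writeok"}  # inverted synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}}; Samba ignores case and spaces in names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":          # blank line or comment
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            current = sections.setdefault(m.group(1).strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key, value = re.sub(r"\s+", "", key).lower(), value.strip().lower()
            if key in INVERTED and value in TRUE | FALSE:
                # Fold "writable = yes" into the canonical "read only = no".
                key, value = "readonly", "no" if value in TRUE else "yes"
            current[key] = value
    return sections

def audit(text):
    """Return (pipes_disabled, sorted list of writable share names)."""
    conf = parse_smb_conf(text)
    glob = conf.get("global", {})
    # "nt pipe support" defaults to yes when it is not set.
    pipes_disabled = glob.get("ntpipesupport", "yes") in FALSE
    writable = sorted(
        name for name, params in conf.items()
        if name != "global"
        # Shares inherit [global]; Samba's built-in default is read only = yes.
        and params.get("readonly", glob.get("readonly", "yes")) in FALSE
    )
    return pipes_disabled, writable

# Constructed sample configuration, not taken from any real host.
SAMPLE = """
[global]
   workgroup = HOME
   ; nt pipe support = no
[media]
   read only = yes
[Upload]
   Writeable = Yes
[scratch]
   write ok = true
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a live host, `testparm -s` prints the effective configuration with includes and defaults resolved, which is a better input for this kind of check than the raw file.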