An Anonymous Coward writes:
A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of an affected Linux and Unix machines.
[...] The newly discovered remote code execution vulnerability (CVE-2017-7494) affects all versions newer than Samba 3.5.0 that was released on March 1, 2010.
"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba wrote in an advisory published Wednesday.
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @06:15PM
and do these mythical distros with samba shares enabled by default also have the share set up on the public/only interface? If so, then i have to assume that those distros are only supposed to be used inside of a lan. if not, that's hilarious.