An Anonymous Coward writes:
A 7-year-old critical remote code execution vulnerability has been discovered in Samba networking software that could allow a remote attacker to take control of affected Linux and Unix machines.
[...] The newly discovered remote code execution vulnerability (CVE-2017-7494) affects all versions newer than Samba 3.5.0, which was released on March 1, 2010.
"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba wrote in an advisory published Wednesday.
7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely
(Score: 2, Informative) by Anonymous Coward on Saturday May 27 2017, @01:14PM (2 children)
Major security flaw? Of course it comes from a microsoft integration.
(Score: 2) by kaszz on Saturday May 27 2017, @04:10PM
Must have bug'd to be compatible. It would be unfair if Unixes had fewer bugs ;) Bug'd will join system'd, telemetry'd, listen'd and spy'd ;-)
(Score: 2) by butthurt on Sunday May 28 2017, @04:33AM
-- https://en.wikipedia.org/wiki/Server_Message_Block [wikipedia.org]
(Score: 3, Disagree) by bradley13 on Saturday May 27 2017, @01:28PM (11 children)
In order for this flaw to be exploited, you have to expose your file-sharing port on the Internet, and the share has to be writable. So, sure, it's a flaw. But you also have to be pretty stupid.
According to TFA, apparently nearly half a million people are this stupid... Hmm...
Everyone is somebody else's weirdo.
(Score: 2) by NotSanguine on Saturday May 27 2017, @01:39PM (3 children)
"Think about how dumb the average guy is. Then realize that half of everyone else is dumber than that." --Often attributed to George Carlin (???)
No, no, you're not thinking; you're just being logical. --Niels Bohr
(Score: 2) by hemocyanin on Saturday May 27 2017, @03:05PM (2 children)
What is most funny about that quote, is everyone thinks it is funny.
(Score: 2) by zocalo on Saturday May 27 2017, @03:16PM
UNIX? They're not even circumcised! Savages!
(Score: 0) by Anonymous Coward on Saturday May 27 2017, @03:21PM
hehehe!
o wait
(Score: 2) by kaszz on Saturday May 27 2017, @01:55PM (1 child)
Let's put it this way. Some distributions and pre-installed Linux machines have Samba shares enabled by default. I didn't like it when I saw it the first time but thought that open and free software tend to have better order than the microshaft counterpart so it could be alright.
Now my initial misgivings have been confirmed. If the MBA minds hadn't bought into the microshaft shafting of users, we would have way less of this shit.
And it doesn't seem far fetched to think this is related to: New SMB Worm 'EternalRocks' Uses Seven NSA Hacking Tools -- WannaCry Used Just Two [soylentnews.org].
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @06:15PM
and do these mythical distros with samba shares enabled by default also have the share set up on the public/only interface? If so, then I have to assume that those distros are only supposed to be used inside of a lan. if not, that's hilarious.
(Score: 3, Insightful) by zocalo on Saturday May 27 2017, @02:09PM
A lot of major exploits are not caused by users being stupid, they're caused by admins who should know better not taking into account that a chain is only as strong as its weakest link, then failing to think about how they can mitigate against the threat that a supposedly insignificant workstation getting compromised presents to more critical systems. If an admin is not assuming that an attacker is potentially going to be launching attacks on servers from within their network, possibly even using network communication channels that are required for the business to actually function, and implementing measures to detect and hopefully prevent that escalation, then they're doing it wrong.
UNIX? They're not even circumcised! Savages!
(Score: 2, Informative) by Anonymous Coward on Saturday May 27 2017, @02:24PM
No.
You might have a case if it was about people going out of their way to enable that on their desktops, but we're talking NAS devices here. Those are mass-market products. You can't expect from the average user to have the level of knowledge and suspicion as a seasoned Linux sysadmin.
If people want to have access to their files over the Internet, they'll buy a NAS and set it up according to the manual. Any security holes resulting from the default setup are on the manufacturer.
(Score: 2, Offtopic) by Runaway1956 on Saturday May 27 2017, @02:36PM (1 child)
"the share has to be writable"
Forget the internet sharing - no one with half a mind shares their hard drive to the intertubes. No one with a quarter of a mind, FFS.
But, I don't even make shares writable on my own private network. Everyone in the house has their own fricking hard drive. If they want to write stuff and save it, they can save it there. I'm the only person I trust to write on my hard drives. If my wife (who has the most valid claim to any of my property) wants to put a movie on the server, I navigate to her system shares, copy the movie in question, THEN I WRITE IT to my hard drives, from my own desktop. No one writes to my system, but me.
ICE is having a Pretti Good season.
(Score: 3, Informative) by frojack on Saturday May 27 2017, @05:06PM
Add to your /etc/samba/smb.conf:
nt pipe support = no
Any hint of a problem is gone.
This feature was mostly used by windows machines to provide distribution of windows printer drivers.
But as we all know, just because you can deliver an executable file to samba server doesn't mean you can make it executable on that server. The biggest risk here is that it will allow the propagation of that executable to other windows machines. But of course, who would attack a samba server if there were windows machines around to attack?
No, you are mistaken. I've always had this sig.
(Score: 2) by wonkey_monkey on Saturday May 27 2017, @08:18PM
No you don't. There are other scenarios where this would be bad.
systemd is Roko's Basilisk
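Two conditions come up repeatedly in this thread: bradley13's point that the share has to be writable, and frojack's workaround of setting nt pipe support = no in the [global] section. The script below is an added example written for this discussion, not Samba's own tooling: it parses an smb.conf, reports which shares a client can actually write to (folding Samba's writable/writeable/write ok synonyms into read only, and applying [global] defaults), checks whether the named-pipe workaround is in place, and does a version check against the patched point releases named in the upstream advisory linked from the summary (4.6.4, 4.5.10, 4.4.14). The sample config embedded in it is constructed for illustration; the function names are mine.

```python
"""Audit an smb.conf for the two things CVE-2017-7494 needs on the server
side: a share the attacker can write to, and 'nt pipe support' left enabled.
Added example for this thread, not part of Samba; the config text below is
constructed, not taken from any real host."""
import re

# Constructed sample: a NAS-style config with one writable guest share.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = Home NAS
   map to guest = Bad User
   ; nt pipe support not set, so Samba's default (yes) applies

[public]
   path = /srv/samba/public
   read only = no
   guest ok = yes

[docs]
   path = /srv/samba/docs
   writable = no
"""

# Parameters Samba treats as the inverse of 'read only' (last one wins).
WRITE_SYNONYMS = ('writable', 'writeable', 'write ok')


def _bool(value, default):
    """smb.conf booleans: yes/true/1 vs no/false/0; absent means default."""
    if value is None:
        return default
    return value.strip().lower() in ('yes', 'true', '1')


def parse_smb_conf(text):
    """Return {section: {param: value}}, params lower-cased with collapsed
    whitespace, synonyms folded so a later line overrides an earlier one."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in '#;':        # Samba ignores whole-line comments only
            continue
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or '=' not in line:
            continue
        key, value = line.split('=', 1)
        key, value = ' '.join(key.lower().split()), value.strip()
        if key in WRITE_SYNONYMS:
            key, value = 'read only', 'no' if _bool(value, False) else 'yes'
        elif key == 'public':                  # 'public' is a synonym of 'guest ok'
            key = 'guest ok'
        sections[current][key] = value
    return sections


def audit(text):
    """List writable shares and whether the named-pipe workaround is missing."""
    conf = parse_smb_conf(text)
    global_params = conf.get('global', {})
    pipes_enabled = _bool(global_params.get('nt pipe support'), True)
    writable = []
    for name, params in conf.items():
        if name == 'global':
            continue
        effective = {**global_params, **params}   # share values override [global] defaults
        if not _bool(effective.get('available'), True):
            continue
        if not _bool(effective.get('read only'), True):
            writable.append({'name': name,
                             'path': effective.get('path', ''),
                             'guest_ok': _bool(effective.get('guest ok'), False)})
    return {'nt_pipe_support': pipes_enabled,
            'writable_shares': writable,
            'exposed': pipes_enabled and bool(writable)}


# Patched point releases named in the upstream advisory for CVE-2017-7494;
# 4.6.4 and everything released after it carry the fix.
FIXED = {(4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}


def version_vulnerable(version):
    """True if an upstream Samba version is in the 3.5.0-onwards range and not
    a patched point release. Caveat: distributions backport the fix without
    changing the version string, so check the package changelog as well."""
    m = re.match(r'(\d+)\.(\d+)\.(\d+)', version)
    parts = tuple(int(p) for p in m.groups())
    if parts < (3, 5, 0) or parts >= (4, 6, 4):
        return False
    fixed = FIXED.get(parts[:2])
    return fixed is None or parts < fixed      # 3.5 .. 4.3 branches never got an upstream fix


if __name__ == '__main__':
    result = audit(SAMPLE_SMB_CONF)
    for share in result['writable_shares']:
        print(f"writable share [{share['name']}] path={share['path']} guest={share['guest_ok']}")
    print('nt pipe support enabled:', result['nt_pipe_support'])
    print('exploitable configuration:', result['exposed'])
```

Feed it the output of `testparm -s` rather than the raw file if the config uses include directives, since testparm expands those and prints the parsed result. The exposure flag only says the server-side preconditions are met; whether the host is reachable from untrusted networks at all is the firewall question raised further down the thread.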
(Score: 1) by fustakrakich on Saturday May 27 2017, @04:08PM (6 children)
Slackware is on top of it [utah.edu], on the very same day.
La politica e i criminali sono la stessa cosa..
(Score: 2) by kaszz on Saturday May 27 2017, @04:15PM (4 children)
The interesting observation will then be how fast other distros or BSDs will fix this in comparison.
(Score: 2) by frojack on Saturday May 27 2017, @06:08PM (3 children)
nt pipe support = no
Done.
(Like most other breathless report of flaws, this too is over hyped - usually by the windows apologists).
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Saturday May 27 2017, @06:14PM (2 children)
But, but but then you can't distribute printer drivers! ;-)
Yeah, there seems to be a simple fix. The interesting thing is to observe the comparative response time from discovery to fix. Secure Microsoft Windows is an oxymoron. So I'll guess most persons will not blame themselves for not achieving that and as a consequence not use it for anything important.
(Score: 2) by butthurt on Sunday May 28 2017, @03:53AM (1 child)
> Yeah, there seems to be a simple fix.
-- https://www.samba.org/samba/security/CVE-2017-7494.html [samba.org] (linked from summary)
(Score: 2) by kaszz on Sunday May 28 2017, @05:32AM
Then those distributions have to import the new source, compile and save. Takes time.
(Score: 0) by Anonymous Coward on Saturday May 27 2017, @11:29PM
I'm on Mint and the Samba patch was in my updates 24/25 May. Linux is on top of it!
If this fault was in Windoesn't the TLA would exploit it for 7 years, then it would be wikiLeaked to the world and patched two months later, also known as "Next Tuesday". A week after that the patch would be found faulty too, rinse and repeat.
(Score: 1, Interesting) by Anonymous Coward on Saturday May 27 2017, @04:53PM (6 children)
I see a lot of victim blaming in this thread, and I feel that is unjustified. Sure, if you put a writable share without authentication on an open port on the internet, then you deserve the problems you'll get. That is not what this story is about though. Is it?
What if I want to put a shared directory online, using strong authentication methods, with a writable share limited to one specific directory, so that it's easy to move files around but not a security risk? Something like a NAS which I or family members could access remotely? I should be able to do this without any problems. (Indeed there are many companies selling such machines.) I should not be required to hold a full-time job as a sysadmin, just to keep up-to-date on the latest zero-day exploits, just to keep my systems secure.
The only reason putting systems like these on the open internet is a problem, is the fact that software is chock full of buffer overflow bugs and other faults that make them a security risk. This in turn, is a problem due to the fact that the majority of systems programmers still use horribly unsafe programming languages like C and C++, where blowing off your own foot and causing a remote code execution vulnerability or a privilege escalation exploit are daily occurrences. As long as people keep using C for low level work, we will keep having these problems. People should be moving to safer languages yesterday. Rust is looking nice. Perhaps that will be a good alternative.
This is the reason why we cannot have nice things. This is the reason why I need to use stupid middlemen services like dropbox or yousendit to send files to people. Because setting up my own file sharing server with samba/cifs/ftp is simply too dangerous, even for someone like me (a seasoned developer but no sysadmin expert) let alone the average consumer. It should not be this way.
(Score: 2) by kaszz on Saturday May 27 2017, @06:08PM (4 children)
Samba implements SMB for MS-Windows which is full of bad designs and code. So of course you don't put that on the internet.
The reason a lot of software is bug ridden is because a lot of people are not up to the discipline of programming. And to make it worse a lot of functionality that isn't needed is added which increases the risk for mistakes. Using C makes software have performance too. The instability of the glue between low level and higher level language is another reason to avoid cobbling together C + whatever.
I'll guess that plain filesharing on a local LAN is what most people want. How much code it takes to implement just that and nothing else would be interesting to find out.
(Score: 2) by frojack on Saturday May 27 2017, @06:12PM (3 children)
Omniscience is very hard to program.
Start by defining some basic terms:
plain filesharing
Local LAN
No, you are mistaken. I've always had this sig.
(Score: 2) by kaszz on Saturday May 27 2017, @06:16PM (2 children)
Local LAN = within the same netmask and behind any NAT or firewall. Presumably within the same building.
Plain filesharing = Open share, write file, read file, close share.
(Score: 2) by wonkey_monkey on Saturday May 27 2017, @08:23PM (1 child)
Local Local Area Network.
I think the "Local Local" bit may be what exception was taken to.
systemd is Roko's Basilisk
(Score: 0) by Anonymous Coward on Saturday May 27 2017, @09:40PM
It could be LAN network inside VPN network that goes over WAN network.
>;P
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @06:20PM
look, you poor, ignorant windows user, if it's designed to be run on a lan, then you don't put it on the internet without more steps/filters being in front of it. firewall rules, openvpn, etc. the password auth of the application or some such shit, doesn't freaking count. if the "victim" doesn't know that, then they deserve part of the blame. lazy idiots want to do shit without learning anything, then whine like someone who donated Free Software should have made it impossible for them to deploy in a stupid way. It's absurd.
(Score: 0) by Anonymous Coward on Saturday May 27 2017, @06:20PM
If you use simple file sharing (but not the Windows Homegroup method) to share a single folder on your LAN, it also exposes the user's entire folder structure. Example... Create a folder called "Shared Files" in any user folder, perhaps in the Downloads folder. Share the folder on your LAN. Now browse the network from another PC on the LAN and look for the "Users" folder. Everything is there ready to see... The Documents folder, Photos, Music, Videos, all the files within those folders, etc. This has been a problem from Win95 to Win10. There's a way to remove this bug by unsharing the User folder, but Windows update borks it again and again.
(Score: 4, Funny) by wonkey_monkey on Saturday May 27 2017, @07:20PM (4 children)
Is it any wonder this child turned to a life of crime? Shame on Mr and Mrs Flaw for giving their child a stupid name like Samba.
systemd is Roko's Basilisk
(Score: 2) by inertnet on Saturday May 27 2017, @07:37PM (3 children)
Well what do you expect, the parents can afford thousands of Linux PCs.
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @03:57AM (2 children)
Samba Flaws is going around the world, giving away computers. It's like Christmas for hackers.
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @04:12AM
trying again: with Samba Flaws flying around the world, hackers are owning computers like it's Christmas.
(Score: 2) by wonkey_monkey on Monday May 29 2017, @10:58AM
Samba Flaws is coming... to pwn.
systemd is Roko's Basilisk
(Score: 0) by Anonymous Coward on Sunday May 28 2017, @06:25AM
You can't hack my Samba if I don't have it.