• It's not just Windows anymore: Samba has a major SMB bug

    First, it was Microsoft's turn to deal with a terrible SMB security hole, WannaCry. Now, it's the open-source SMB server Samba's turn.

    The other week, Microsoft got its security teeth kicked in when an old SMB security hole was exploited by the WannaCry ransomware attack. This week, it's the turn of Samba, the popular open-source SMB server.

    Like the WannaCry security hole, the good news is the Samba file-sharing bug has already been fixed. The bad news is you may be using Samba without knowing it. In this case, there may be no way for you to patch it.

    Where? How? If you have a network-attached storage (NAS) device holding your accounts payable, document archives, or just your kid's high-school graduation photos, chances are you're running Samba, the open-source file and print server. It's commonly used in these devices, and the vendors that make them are not known for patching their systems quickly, or sometimes, at all.

    Worse still, the hole, CVE-2017-7494, is seven-years old. The bug dates back to Samba 3.5.0, which was released on March 10, 2010. All versions since then -- I repeat, all versions -- including the latest, 4.6.4, are vulnerable to this remote code execution vulnerability.

    The bad news doesn't stop there. While Samba 4.6.4, 4.5.10, and 4.4.14 have been issued as security releases to correct the defect, you'll need to manually patch older Samba versions.

    This hole enables an attacker to upload a shared library to a writable drive share. Once in, a hacker can make the server load and execute a malicious payload as the root user. What kind of payload? Pretty much anything goes.

    Läs hela artikeln.