Threats from a Seven-Year-Old Flaw

Samba is open-source networking software that runs on the vast majority of today’s operating systems (OS), including such giants as Windows and Linux.  One reason for its popularity is that it allows non-Windows OS’s to share with Windows OS’s that are on the same network, such as files, folders, and printers.

This was very helpful until WannaCry ransomware came around and exploited the very susceptibilities that Samba possesses.

It was recently discovered that there is a vulnerability in the remote code execution and that it impacts all Samba versions that have been released since March 1, 2010 (Samba 3.5.0).

According to a warning published by Samba, this vulnerability allows “a malicious client to upload a shared library to a writable share, and then cause[s] the server to load and execute it.”

Research has uncovered nearly half-a-million computers exposed to a vulnerable port (port 445) that are running Samba.  Additionally, there are almost 100,000 endpoints that are not only exposed to the internet but are also running vulnerable versions of Samba.  

What this means is that, without patches (read: IT security has fallen into a coma over the last few weeks), the flaw in Samba could be exploited in massive numbers, especially via PC’s that are inter-connected on home networks.  All a hacker would need to do is upload the virus onto a shared library and drop the malicious code to infect all devices.  

Fortunately, Samba has already begun the patchwork with their newest versions (4.6.4/4.5.10/4.4.14), and are strongly encouraging its users to install these sooner, rather than later.  

In addition to the patch, there is also a work around; all that is needed is to add the following extension to the Samba configuration file (smb.conf:) and to restart the network’s SMB deamon, or smbd:

nt pipe support = no

This simple add-on prevents full access from network machines, while also disabling a number of function on networked Windows OS.  

The best option for this fix, as well any others that may come out on any OS is to stay on top of updates.  It is important to update your OS as soon as possible, in order to mitigate security risks.

image_pdfimage_print

Leave a Reply