The developer’s of Samba networking software has detected a major flaw that allows attackers to gain remote access to the affected Linux and Unix based computers. The remote code execution vulnerability is said to be a 7 year old flaw prevalent in the Samba networking software.

Samba-A networking software has been used widely since 1992 for storing files. It has also been used to provide smooth printing services for its users. The Samba networking software uses SMB/CIFS protocol and is an important used as a bridge to integrate Linux servers, Unix servers and desktops into active directory environment.

The maintainers of Samba issued an advisory that stated:

"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it”.

The Samba vulnerability is said to be critical as most Network-attached Storage (NAS) devices have their functionalities integrated with Samba. These NAS devices have are used across the world for data storage and henceforth the vulnerability "has the potential to be the first large-scale Linux ransomware worm”, said Craig Williams (Sr. Technical Leader and Security Outreach Manager CISCO).

As far as the stats are to be taken into consideration about 110,000 computers and network storage devices run on Samba across the world out of which a whooping 92,500 devices are not supported anymore by Samba and for which security patch is not available anymore.

Given the fact that a decent number of devices are exposed to the vulnerability, the maintainers of Samba have advised its clients to upgrade their systems with the latest security patches as soon as possible.

Download the latest Samba Security Patch Here

A simple workaround has been issued for those users who are using unsupported versions of Samba. Apparently a single line of the following code has been suggested to be added to the Samba configuration file

nt pipe support = no

This simple code will deny access to computers in the network but at the same time it is also said to be a catalyst in disabling certain functionalities of computers and devices driven by Microsoft machines.

Find the loopholes in your security. Contact us for Vulnerability Assessment and Penetration Testing.

Date Published
May 30, 2017