Researchers have warned that Linux and Unix machines are affected by a Samba exploit that could allow an attacker to take control of the systems. This could open doors to attacks similar to WannaCry. The Samba team and developers have pushed patches to fix
the flaw.amba is a free software license under the GNU GPL license that’s widely used on Linux and Unix computers for making them work with Windows file and printing services. A security vulnerability in Samba could leave hundreds and thousands of computers open to attacks.
With ID CVE-2017-7494, the vulnerability has been described as remote code execution from a writable share. As per the description, this flaw could allow malicious users to upload and make the smdb server to execute a shared library from a writable share.
Nick Bilogorskiy of Cyphort says that there are no active exploits in the wild, but the damage from Samba vulnerability could be steep, according to TechTarget. This flaw affects Samba versions 3.5 and newer.
This is because the vulnerability can allow remote code execution and an attacker can gain full control over a computer. This flaw isn’t exactly new, but recent developments showed that it’s more serious than expected.
Having seen the wrath of WannaCry ransomware in recent weeks, comparisons between Samba flaw and WannaCry are unavoidable. The experts have outlined that like WannaCry, Samba flaw can be used as a conduit for a wormhole exploit for quick expansion.
It should also be noted that an exploit which uses Samba flaw would make use of the bugs in the same SMB protocol used by the WannaCry’s NSA tools.
Earlier this week, The Samba Team, a group of 40 developers, released the patch to address this vulnerability. Apart from that, adding the “nt pipe support = no” to smb.conf file and restarting the service mitigates the threat, writes Cisco in a security bulletin.
Comments
Post a Comment