Is Linux safe? After Windows, SMB & Samba vulnerability

In recent weeks, Microsoft has been having security trouble over an old SMB vulnerability because of the WannaCry ransomware attack. In our posts we noticed that many people proudly reported, on Facebook or on the site, that the issue does not concern them because they use Linux…

So this week, it's the turn of Samba, the popular open source SMB server.

The good news is, of course, that the Samba file sharing bug has already been fixed. The bad news is that you may be using Samba without knowing it. In this case, there may be no way to fix the vulnerability.

Where? How? If you have a network-attached storage (NAS) device to store your files, documents, paid bills, or your family photos, you are likely running Samba, the file and print server. It is commonly used in these devices, and the companies that make them are not known for updating them quickly. Sometimes they don't update them at all…

Here we have to mention that the security hole, CVE-2017-7494, has been around for seven years. The bug started with Samba 3.5.0, which was released on March 10, 2010. All versions since then (yes, all versions), including the latest version, 4.6.4, are vulnerable to this remote code execution flaw.

The bad news does not stop here. While Samba 4.6.4, 4.5.10, and 4.4.14 have already been released as security releases to fix the problem, you will need to patch older versions of Samba manually.

The security hole allows an attacker to upload a shared library to a writable share. Once in, the attacker can make the server load it and run at least one malicious file as root.

Exploiting the server appears to be trivial. HD Moore, VP Research & Development at security company Atredis Partners, claims that the "metasploit one-liner to trigger" is simple: simple.create_pipe("/path/to/target.so")

This bug has been adapted to tools and can be conveniently used by .

Security analyst Rapid7 reports that "the internet isn't on fire yet, but the specifications are there for something very big to begin."

How dangerous is it really?

Through Rapid7 Labs' Project Sonar, the company reports that over 104,000 endpoints have been found online that appear to be running vulnerable versions of Samba on port 445. "Of these, almost 90% (92,570) are running versions for which there are currently no patches available immediately."

If you are running Samba on a Linux or Unix server, you will need to fix it now. If you are running a version of Samba that has not been updated, upgrade it to a more recent version as soon as possible. If for some reason you cannot do this, you will need to edit the smb.conf file, the main configuration file of the Samba server.

To do this, add the parameter:

nt pipe support = no

in the [] section of smb.conf and restart smbd, the Samba daemon. This will prevent clients from accessing any named pipe endpoints, so they will not be able to exploit the vulnerability. Unfortunately, this parameter can affect the way Windows client computers access files or folders on a Samba-based share.

But let's say you cannot fix it. Yes, the major Linux distributors let you patch your servers. But NAS vendors?

What can you do? How can you protect yourself if you are responsible for your business's server farm or just have a NAS?

First, make sure none of your Samba shares is public. If you grant write permissions to anyone on your network, malicious programs can be installed.

Then, if you have made your Samba storage reachable over the internet by keeping port 445 open, stop it immediately. Now. Block the port immediately with your firewall.
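To check an smb.conf for the two things described above, the nt pipe support workaround and shares that are writable (especially by guests), here is an added example; it is not code from the original article or from the Samba project. It assumes the workaround is set in Samba's [global] section, handles only the common parameter synonyms, and uses illustrative function names and a constructed sample configuration.

```python
# Added example (not Samba's or the article's code); function names are illustrative.
TRUE = {"yes", "true", "1", "on"}
# Parameter names are compared without case or spaces; True marks an inverted synonym.
WRITABLE = {"writable": False, "writeable": False, "writeok": False, "readonly": True}
GUEST = {"guestok": False, "public": False}

def parse_smb_conf(text):
    """Return {section: {normalised parameter: value}}; '\\' continuations are not handled."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and line[0] not in "#;" and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return sections

def flag(layers, names, default):  # first layer that sets any synonym wins
    for params in layers:
        for name, inverted in names.items():
            if name in params:
                return (params[name].lower() in TRUE) != inverted
    return default

def audit(text):
    """Return (section, issue) pairs for a missing workaround and writable shares."""
    conf = parse_smb_conf(text)
    glob, findings = conf.get("global", {}), []
    if flag([glob], {"ntpipesupport": False}, default=True):
        findings.append(("global", "nt pipe support enabled"))
    for name, params in conf.items():
        # A share-level setting overrides a default inherited from [global].
        if name != "global" and flag([params, glob], WRITABLE, default=False):
            guest = flag([params, glob], GUEST, default=False)
            findings.append((name, "writable by guests" if guest else "writable"))
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """
[global]
   workgroup = EXAMPLE
[photos]
   read only = no
   guest ok = yes
[backup]
   writeable = yes
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A share reported only as "writable" still needs a manual look at who is allowed to write to it.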

iGuRu.gr The Best Technology Site in Greece


Written by giorgos
