Is Linux safe? After Windows, SMB & Samba vulnerability

In recent weeks, Microsoft has started rolling out security updates for an old SMB vulnerability from the ransomware attack . In our posts we found that there were many who proudly stated in comments on Facebook, or on the site, that the issue does not concern them because they use Linux…

This week well, it's the turn of Samba, the popular SMB open source.

The good news is of course that the Samba file sharing bug has already been fixed. The bad news is that maybe te Samba without knowing it. In this case, there may be no way to fix the vulnerability.SMB

Where? How? If you have one αποθήκευσης συνδεδεμένη στο δίκτυο () για αποθήκευση των αρχείων σας, έγγραφα, πληρωμένους λογαριασμούς, ή τις οικογενειακές σας φωτογραφίες, είναι πιθανό να τρέχετε το Samba, τον -source file and print server. It is commonly used in these devices and the companies that make them are not known for updating them quickly. Sometimes they don't at all…

Here we have to mention that security gap CVE-2017-7494has been there for seven years now. The error started from Samba 3.5.0, which was released on 10 March of 2010. All versions since then (including all versions) including the latest 4.6.4 are vulnerable to this error that gives remote code execution access to intruders.

Bad news does not stop here. While Samba 4.6.4, 4.5.10, and 4.4.14 have already been released as security versions to fix the problem, you will need to manually correct the older versions of Samba.

The application security void allows an attacker to load a shared library into a recordable disk share. Once havker enters, he can run the server and run at least one malicious root file.

The server exploit appears to be trivial. HD Moore, VP Research & Development at security firm Atredis Partners, claims that the “metasploit one-liner to ”Is simple: simple.create_pipe (“ / path / to / target.so ”)

This bug has been adjusted to and can be easily used by script-kiddies as well.

Security company Rapid7 says that "the internet has not yet caught fire, but there are specs to start something very big".

How dangerous is it really?

In a Project Sonar of Rapid7 Labs the company reports that over 104.000 endpoints have been found online and appear to be running vulnerable versions of Samba on the 445 port. "Of these, almost 90% (92.570) are running versions for which there are currently no patches available immediately."

If you are running Samba on a Linux or Unix server, you will need to fix it now. If you are running a version of Samba that has not been updated, upgrade it to a more recent version as soon as possible. If for some reason you can not do this, you will need to edit the smb.conf file, the master configuration file of the Samba server.

To do this, add the parameter:

nt pipe support = no

in the [global] section of smb.conf and restart the smbd, the Samba daemon. This will prevent clients from accessing identifiable pipe endpoints, so they will not be able to use the vulnerability. Unfortunately, this parameter may affect how Windows-based computers or clients access files or folders on a Samba-based shared drive.

But let's say you can not fix it. Yes, the most important Linux distributors give you rights to fix your servers. But NAS vendors?

What can you do; How can you protect yourself if you are responsible for the server farm of your business or just have a NAS?

First, make sure none of the Samba share toy is public. If you grant write permissions to anyone in your network, you can install malicious programs.

Then, if you have given access to Samba-storage users to visit it via the Internet by keeping 445 open, stop it immediately. Now. Exclude the port directly with the firewall you are using.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).