Samba Flaw Allows Hackers Access Thousands of Linux PCs Remotely
From the post:
A remote code execution vulnerability in Samba has potentially exposed a large number of Linux and UNIX machines to remote attackers. The code vulnerability (CVE-2017-7494) affects all machines with Samba versions newer than the 3.5.0 released last March 2010, making it a 7-year old flaw in the system.
Samba is a software that runs on most of the operating systems used today like Windows, UNIX, IBM, Linux, OpenVMS, and System 390. Due to its open source nature resulting from the reimplementation of the SMB (Server Message Block) networking protocol, Samba enables non-Windows operating systems like Mac OS X or GNU/Linux to give access to folders, printers, and files with Windows OS.
All affected machines can be remotely controlled by uploading a shared library to a writable program. Another command can then be used to cause the server to execute the code. This allows hackers access Linux PC remotely according to the published advisory by Samba last Wednesday, May 24.
…
Cited but not linked:
- The Samba alert notes: CVE-2017-7494.html. 24 May 2017 patch news.
- The Rapid7 Community: Patching CVE-2017-7494 in Samba: It’s the Circle of Life.
The Rapid7 Community post in particular has good details.
Not likely a repeat of WannaCry. It’s hard imagine NHS trusts running Linux.
