7 Year Old Code-Execution Bug Found In Samba

Posted May 26, 2017 by Joe Schnell 

It appears WannaCry may have gotten people looking at the SMB functions in Samba on Linux as well. A code-execution bug, CVE-2017-7494, was detected in all versions of Samba from 3.5.0 (released March 2010) onwards, and there is already a Metasploit module available for attacking Linux servers running Samba for file and print sharing.

A patch is available for this vulnerability. If the Samba patch cannot be applied, a line can be added to the Samba configuration file as a workaround, but that change may affect the functionality of Windows machines accessing the share.
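To audit hosts for the workaround, the following added example (not code from the post or from the Samba project) checks a Samba version string and an smb.conf for it. The post does not quote the workaround line; the example assumes it is the `nt pipe support = no` setting in `[global]` given in the linked Samba team announcement. The function names and the sample input are constructed, and `include` directives are not followed.

```python
import re

AFFECTED_FROM = (3, 5, 0)            # first affected release, per the post
FALSE_VALUES = {"no", "false", "0"}  # boolean spellings listed in smb.conf(5)

def _norm(name):
    # smb.conf ignores case and whitespace in section and parameter names
    return re.sub(r"\s+", "", name).lower()

def logical_lines(text):
    """Yield lines with backslash continuations joined and comments dropped."""
    buf = ""
    for raw in text.splitlines():
        line = buf + raw.strip()
        if line.endswith("\\"):
            buf = line[:-1]
            continue
        buf = ""
        if line and line[0] not in "#;":
            yield line

def nt_pipe_support_disabled(conf_text):
    """True if [global] ends up with 'nt pipe support' set to a false value."""
    section, disabled = None, False  # Samba's default is 'yes'
    for line in logical_lines(conf_text):
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            if _norm(key) == "ntpipesupport":
                disabled = value.strip().lower() in FALSE_VALUES  # last one wins
    return disabled

def assess(version, conf_text):
    """Classify a host from its Samba version string and smb.conf contents."""
    nums = (tuple(int(n) for n in re.findall(r"\d+", version)) + (0, 0))[:3]
    if nums < AFFECTED_FROM:
        return "outside affected range"
    if nt_pipe_support_disabled(conf_text):
        return "affected range, workaround present"
    return "affected range, no workaround: confirm the patch is installed"

# Constructed sample input: a version string and smb.conf text
SAMPLE = """[global]
   ; nt pipe support = no
   NT Pipe  Support = No
"""

print(assess("4.5.9", SAMPLE))
```

The version test only applies the 3.5.0 lower bound stated in the post, so a patched or vendor-backported build still needs to be confirmed against the Samba announcement.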

Ars Technica write-up – https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/

Samba team announcement – https://www.samba.org/samba/security/CVE-2017-7494.html
