Client Portal

7 Year Old Code-Execution Bug Found In Samba

Posted May 26, 2017 by Joe Schnell 

author profile picture

Joe Schnell

Joe has extensive experience supporting companiesfrom architecture, design, engineering,evaluation, implementation and operationalization of various cybersecurity technologies.He has worked for numerous enterprise clients supporting his experience and passion toalignsecurity goals with business needs.His expertise resides in the areas of Application and Data Security, Identity, Network Security, Endpoint and Mobile Security, Monitoring and Operations, Threat and Vulnerability Management and Compliance.

Tags:

7 Year Old Code-execution Bug Found In Samba

It appears Wannacry may have gotten people looking at the SMB functions in Samba on Linux as well.  A code-execution bug was detected in all versions of Samba 3.5.0 (released March 2010) and onwards.  It is CVE-2017-7494 and there is already a Metasploit module available for attacking Linux servers running Samba for file and print sharing.

A patch is available for this vulnerability.  A line can be added to the Samba configuration file as a workaround if the Samba patch cannot be applied, but that change may affect funtionality of Windows machines accessing the share.

Arstechnica write-up – https://arstechnica.com/security/2017/05/a-wormable-code-execution-bug-has-lurked-in-samba-for-7-years-patch-now/

Samba team announcement – https://www.samba.org/samba/security/CVE-2017-7494.html

    Addresses

  • Atlanta
    675 Mansell Road, Suite 115
    Roswell, GA 30076
  • Boston
    25 Walpole Park South, Suite 12, Walpole, MA 02081
  • Rosemont
    10275 W. Higgins Road, Suite 470 Rosemont, IL 60018
  • Vernon Hills - Corporate Headquarters
    960 Woodlands Parkway Vernon Hills, IL 60061

 

  • Bloomington
    1701 E Empire St Ste 360-280 Bloomington, IL 61704
  • Chicago
    233 S Wacker Dr. Suite 9550 Chicago, IL 60606
  • Tampa
    380 Park Place, Suite 130, Clearwater, FL 33759

Have a Question?

Contact us