On 24 May Samba released version 4.6.4, which fixes a serious remote code execution vulnerability, vulnerability number CVE-2017-7494, which affected Samba 3.5.0 and included 4.6.4 / 4.5.10 / 4.4. 14 intermediate version. Network experts were analyzed on the vulnerability to confirm that a serious vulnerability, because can cause remote code execution.
Samba is a software that implements the SMB protocol on Linux and UNIX systems, so it’s known that this is the “eternal blue” of the Linux version. Is this statement really accurate?
Network experts said there should be no affected much like the windows WannaCry attack, because the loopholes need to be written through a Samba user permissions to samba server root privileges, Samba default is root user implementation.
Security researcher, commented: “temporarily not clear about “Eternal blue” is it really will infect SAMBA. Is SMB, 445 port is the remote use again, but this is the impact of Linux / Unix, NAS equipment may be hardest hit. No matter complex or not complicated, Linux / Unix users patch it as soon as possible.
Network expert advise linux/unix user patch it as soon as possible with the method below:
Samba users installed by source code, please download the latest version of Samba manual update as soon as possible; users using binary distribution package (RPM, etc.) immediately for yum, apt-get update and other security update operation; mitigation strategy: the user can smb.conf under the [global] section add the nt pipe support = no option, and then restart the samba service, in order to achieve the effect of mitigating the vulnerability.
The patch file are provided by the maker of Samba.
Leave a ReplyWant to join the discussion?
Feel free to contribute!