excellent news everyone, Windows is not the only operating system with remote code execution via SMB. Linux has likewise its own, seven-year-old version of the bug. /s
This Linux remote execution vulnerability (CVE-2017-7494) impacts Samba, the Linux re-implementation of the SMB networking protocol, from versions 3.5.0 onwards (since 2010). The SambaCry moniker was almost unavoidable.
The bug, however, has nothing to do on exactly how Eternalblue works, one of the exploits that the present version of WannaCry ransomware packs with. While Eternalblue is essentially a buffer overflow exploit, CVE-2017-7494 takes advantage of an arbitrary shared library load. To exploit it, a malicious client needs to be able to upload a shared library data to a writeable share, later on it’s possible for the attacker to cause the server to tons as well as execute it. A Metasploit exploit module is already public, able to target Linux ARM, X86 as well as X86_64 architectures.
A patch addressing this defect has been published to the official website as well as Samba 4.6.4, 4.5.10 as well as 4.4.14 have been issued as security releases to correct the defect. patches against older Samba versions are likewise available. If you can’t apply the patch at the moment, the workaround is to add the parameter “nt pipe support = no” to the worldwide section of your smb.conf as well as restart smbd. note that this can disable some expected performance for Windows clients.
Meanwhile, NAS vendors begin to realise they have work on their hands. different brands as well as designs that utilize Samba for data sharing (a lot, if not all, of them provide this functionality) will have to problem firmware updates if they want to patch this flaw. If the firmware updates for these appliances take the exact same time they usually do, we will have this bug around for rather some time.