Samba, the standard for Windows interoperability suite of programs, is detected with a critical flaw. The bug has been existed in the Samba codebase for over seven years and is aimed to crash Linux systems.
SANS Internet Storm Centre (ISC) has published a brief report about the Samba flaw. The report highlights that the attackers can leverage the vulnerability to exploit Linux running computers by running a one-liner code. “The vulnerable component is the daemon that offers file sharing capabilities,” ISC Handler Xavier Mertens said in the report.
The exploit is designed in a way to spread rapidly. It just requires an open SMB share (TCP/445) to let attackers upload a shared library to writable share and execute the malicious code while loading the server.
Once the attackers receive access to arbitrary module, they have to execute the code remotely to crash the system.
Linux’ WannaCry
Linux community members are calling it as Linux’ WannaCry — named after the infamous ransomware attack that was recently emerged on Microsoft Windows. Any exploit against Samba flaw capitalises on bugs in the same SMB protocol.
Since Samba is extensively used by Linux users for running Windows software on Linux and Unix, its development team has quickly responded to the issue and released a security advisory.
“All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it,” the Samba team writes in the advisory.
In addition to downloading the latest Samba release, users can manually fix the issue by adding the parameter “nt pipe support = no” in the global section of Samba configuration file smb.conf.