Wormable Code-Execution Bug Lurked In Samba For 7 Years

Long-time Slashdot reader williamyf was the first to share news of “a wormable bug [that] has remained undetected for seven years in Samba verions 3.5.0 onwards.” Ars Technica reports:
Researchers with security firm Rapid7…said they detected 110,000 devices exposed on the internet that appeared to run vulnerable versions of Samba. 92,500 of them appeared to run unsupported versions of Samba for which no patch was available… Those who are unable to patch immediately can work around the vulnerability by adding the line nt pipe support = no to their Samba configuration file and restart the network’s SMB daemon. The change will prevent clients from fully accessing some network computers and may disable some expected functions for connected Windows machines.

The U.S. Department of Homeland Security’s CERT group issued an anouncement urging sys-admins to update their systems, though SC Magazine cites a security researcher arguing this attack surface is much smaller than that of the Wannacry ransomware, partly because Samba is just “not as common as Windows architectures.” But the original submission also points out that while the patch came in fast, “the ‘Many eyes’ took seven years to ‘make the bug shallow’.”


Share on Google+

Read more of this story at Slashdot.

Clip to Evernote

Leave a Reply

Your email address will not be published. Required fields are marked *