Choose style:

Author Topic: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?  (Read 961 times)

0 Members and 1 Guest are viewing this topic.

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 4950
  • Karma: 899
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
7-Year-Old Samba Flaw Lets Hackers Access Thousands of Linux PCs Remotely

The newly discovered remote code execution vulnerability (CVE-2017-7494) affects all versions newer than Samba 3.5.0 that was released on March 1, 2010.

"All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it," Samba wrote in an advisory published Wednesday.

SOURCE: https://goo.gl/WUg4il

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24461
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #1 on: May 25, 2017, 07:33:26 am »
Netgear are on the ball .. received a firmware update for my ReadyNAS that contains the patch this morning
https://kb.netgear.com/000038777/ReadyNAS-OS-6-Software-Version-6-7-3
:)
« Last Edit: May 25, 2017, 07:35:13 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24461
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #2 on: May 25, 2017, 08:01:24 am »
Oh, and for anyone who's wondering .. if your Peppermint (6 / 7 / or 8 bet/rc) system is "up to date" you're already patched ;)

You can check by running:
Code: [Select]
dpkg -l | grep samba
and check that the samba packages returned say either.

For Peppermint 7 / 8 beta/rc)
2:4.3.11+dfsg-0ubuntu0.16.04.7

or for Peppermint 6
2:4.3.11+dfsg-0ubuntu0.14.04.8

or higher.



Further info:
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html
and
https://www.ubuntu.com/usn/usn-3296-1/
« Last Edit: May 25, 2017, 08:04:41 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1896
  • Karma: 322
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #3 on: May 25, 2017, 08:26:36 am »
Openmediavault is based on Debian, so can I take it they'll have this patch available too?

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24461
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #4 on: May 25, 2017, 08:37:12 am »
I would "assume" Debian is patched, but I don't know enough about how Mediavault gets its updates to be able to say one way or the other.

[EDIT]

There's more info on the Debian patched versions here:
https://security-tracker.debian.org/tracker/CVE-2017-7494
but you'd need to check your samba version.
« Last Edit: May 25, 2017, 08:40:52 am by PCNetSpec »
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1896
  • Karma: 322
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #5 on: May 25, 2017, 08:53:00 am »
I've just done the upgrade and it included all the Samba stuff. I feel like just stopping using Samba altogether, what with its reputation going down the pan lately.

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24461
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #6 on: May 25, 2017, 09:18:54 am »
If you have no Windows PC's sure switch to NFS .. but I gather Windows dropped the NFS client in Win7, dunno if they've since added it back.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1896
  • Karma: 322
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #7 on: May 25, 2017, 09:27:24 am »
The windows side is a whole other story which I don't even want to get into. If it was up to me I'd nuke it entirely  :-X

But the Amazon Fire Stick is based on Android, and I don't know why Android doesn't support NFS.

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24461
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #8 on: May 25, 2017, 09:30:25 am »
That I did not know :o

Does Android (and OpenMediavault) support AFP ?
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1896
  • Karma: 322
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #9 on: May 25, 2017, 09:38:41 am »
I think OMV could be made to support the Apple protocol with some faffing around, but I'm more doubtful about Android/FireOS.

Online PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24461
  • Karma: 2698
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #10 on: May 25, 2017, 09:50:51 am »
Looks like you're stuck with SMB then :(
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline murraymint

  • Trusted User
  • Veteran
  • *****
  • Posts: 1896
  • Karma: 322
  • soft boiled with a yolk of gold
    • View Profile
  • Peppermint version(s): 7, 8, 9
Re: Is This Samba RCE Flaw the Linux version of "EternalBlue" ?
« Reply #11 on: May 25, 2017, 10:09:18 am »
DLNA works for most things like VLC (not sure about Kodi) but it's handy to just use a file explorer to install apps now and then.