Choose style:

Author Topic: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems  (Read 849 times)

0 Members and 1 Guest are viewing this topic.

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 4944
  • Karma: 896
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Quote
The maintainers of Samba has already patched the issue in their new Samba versions 4.6.4/4.5.10/4.4.14, and are urging those using a vulnerable version of Samba to install the patch as soon as possible.

Yes, Swati included the attack vectors, in the article  ;)  :  https://goo.gl/7e8dpW 

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24432
  • Karma: 2697
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #1 on: June 11, 2017, 04:06:41 pm »
For those wondering, YES samba in Peppermint is already patched.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Online VinDSL

  • Global Moderator
  • Hero
  • *****
  • Posts: 4944
  • Karma: 896
  • Peppermint Mod
    • View Profile
  • Peppermint version(s): Developmental Builds
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #2 on: June 11, 2017, 04:54:32 pm »
The Samba fix for CVE-2017-7494 should already have been applied, if one performs incremental updates.  But, some users don't do regular updates, for whatever reason(s), to their great peril.  ;)

For Ubu 16.04 LTS, the fixed Samba ver is 'samba 2:4.3.11+dfsg-0ubuntu0.16.04.7'

To double-check, run the following command from CLI:

Code: [Select]
╭─vindsl@Boogaloo-5 ~  
╰─➤  sudo apt-cache policy samba                                          100 ↵
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Version table:
 *** 2:4.3.11+dfsg-0ubuntu0.16.04.7 500
        500 http://mirrors.namecheap.com/ubuntu xenial-updates/main amd64 Packages
        500 http://mirrors.namecheap.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.3.8+dfsg-0ubuntu1 500
        500 http://mirrors.namecheap.com/ubuntu xenial/main amd64 Packages

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3727
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #3 on: June 11, 2017, 06:56:01 pm »
Hi VinDSL and PCNetSpec,

I know next to nothing about Samba.  Was this that Ubuntu server attack I read about a week ago? :-\  The good news is that my results are the same as yours. :)

perknh

Code: [Select]
perknh@peppermint ~ $ sudo apt-cache policy samba
[sudo] password for perknh:
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Version table:
 *** 2:4.3.11+dfsg-0ubuntu0.16.04.7 500
        500 http://us.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     2:4.3.8+dfsg-0ubuntu1 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages

We're all Peppermint users and that's what matters...
-- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24432
  • Karma: 2697
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #4 on: June 11, 2017, 07:53:37 pm »
Quite probably perknh.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3727
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #5 on: June 11, 2017, 08:50:42 pm »
Thank you, PCNetSpec.  After digging into my news sources, this is what I read about --a sudo security hole that needs to be protected with Security-Enhanced Linux (SELinux).  But perhaps the two news stories concern the same problem. :-\

1) ​Why You Must Patch the New Linux sudo Security Hole

By ZDNET for Linux.com

https://www.linux.com/news/why-you-must-patch-new-linux-sudo-security-hole-1

&

2) Criminals Hijack Linux Servers Through SambaCry Exploit to Mine Monero

By JP Buntinx for The Merkle

https://themerkle.com/criminals-hijack-linux-servers-through-sambacry-exploit-to-mine-monero/
We're all Peppermint users and that's what matters...
-- AndyInMokum

Offline PCNetSpec

  • Administrator
  • Hero
  • *****
  • Posts: 24432
  • Karma: 2697
  • "-rw-rw-rw-" .. The Number Of The Beast
    • View Profile
    • PCNetSpec
  • Peppermint version(s): Peppermint 8R, 9, and 9R
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #6 on: June 11, 2017, 09:50:26 pm »
It applies to your second link, but not your first.
WARNING: You are logged into reality as 'root' .. logging in as 'insane' is the only safe option.

Team Peppermint
PCNetSpec

Offline perknh

  • Trusted User
  • Hero
  • *****
  • Posts: 3727
  • Karma: 294
  • Soy un huevo que adora Peppermint.
    • View Profile
  • Peppermint version(s): Peppermint 9 Respin (64-bit)
Re: Warning! Hackers Started Using "SambaCry Flaw" to Hack Linux Systems
« Reply #7 on: June 11, 2017, 10:03:28 pm »
Thank you, PCNetSpec. ;)
We're all Peppermint users and that's what matters...
-- AndyInMokum