
Just when you had got to grips with the Windows ransomware vulnerability WannaCry, along comes another big one, dubbed SambaCry: a serious vulnerability in the open source Samba package, which implements the SMB/CIFS protocols. Headlines:

 

  • CVE-2017-7494
  • Remote code execution as root
  • Affects versions from 3.5.0 (released 2010)
  • Patched in core code at:
    • 4.6.4
    • 4.5.10
    • 4.4.14
  • Patched by Red Hat streams - see here
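
To triage an inventory against the version list above, the following added example (not from the original post or the Samba project) classifies the output of `smbd -V`. The hostnames and version strings are constructed samples, and treating release series newer than 4.6 as fixed is an assumption of the example.

```python
import re

# Fixed upstream releases listed on this page, keyed by (major, minor) branch.
FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}
FIRST_AFFECTED = (3, 5, 0)

# Matches e.g. "Version 4.5.9" or "Version 4.4.4-14.el7_3"; group 4 is a vendor suffix.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([-+~.]\S+)?")


def classify(version_output: str) -> str:
    """Classify `smbd -V` style output for CVE-2017-7494.

    Returns "not-affected", "patched", "vulnerable", "check-vendor"
    (distro build that may carry a backported fix) or "unknown".
    """
    m = _VERSION_RE.search(version_output)
    if not m:
        return "unknown"
    major, minor, patch = (int(g) for g in m.group(1, 2, 3))
    vendor_suffix = m.group(4)

    if (major, minor, patch) < FIRST_AFFECTED:
        return "not-affected"
    branch = (major, minor)
    if branch in FIXED:
        if patch >= FIXED[branch]:
            return "patched"
    elif branch > max(FIXED):
        # Assumption: release series newer than 4.6 already include the fix.
        return "patched"
    # Upstream number is in the affected range. Distro packages (such as the
    # Red Hat streams in the list above) can backport a fix without changing
    # the upstream number, so a vendor suffix means the changelog decides.
    return "check-vendor" if vendor_suffix else "vulnerable"


# Constructed sample inventory (hostnames and version strings are illustrative).
SAMPLE_INVENTORY = {
    "nas01": "Version 3.6.25",
    "files02": "Version 4.4.4-14.el7_3",
    "smb03": "Version 4.6.4",
}

if __name__ == "__main__":
    for host, out in SAMPLE_INVENTORY.items():
        print(f"{host}: {classify(out)}")
```

A "check-vendor" result means the package changelog or vendor advisory for CVE-2017-7494 has to be consulted; the version number alone cannot settle it.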

 

I would not expect any Internet-exposed machines to have this open, but Shodan indicates there are many thousands that do. So while you may not be exposing it directly, it may just be a matter of time before this exploit is weaponised to use indirect channels to get inside intranets and propagate.

 

Note that from a Discovery appliance perspective, we don't run a Samba server, so the appliance stack is not vulnerable.