Samba Vulnerability Could Usher In Another WannaCry Worm

A flaw has been discovered in the Samba networking protocol which may leave tens of thousands of computers open to infection from widespread malware such as WannaCry.

The flaw, which could facilitate the upload of malicious files to a system or server and enable remote code execution, was reported by the US Department of Homeland Security, which urged system administrators to take action to plug the hole.

Samba security slip-up

The vulnerability is particularly pertinent as Samba is offered as a free networking protocol to Unix, Linux and Windows, so whereas the WannaCry worm only affected Windows-based PCs, a worm created to exploit the Samba vulnerability could spread to many more machines and devices with operating systems based on Unix or Linux.

“All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it,” said Samba’s advisory.

Samba has released a patch to plug the security hole, but it will be up to system administrators to download and apply the appropriate patch.

However, cyber security firm Rapid7 noted that the vulnerability, tagged CVE-2017-7494, is not as easy to mitigate as WannaCry was.

“Samba makes it possible for Unix and Linux systems to share files the same way Windows does. While the WannaCry ransomworm impacted Windows systems and was easily identifiable, with clear remediation steps, the Samba vulnerability will impact Linux and Unix systems and could present significant technical obstacles to obtaining or deploying appropriate remediations,” said Jen Ellis, vice president of community and public affairs at Rapid7.

“These obstacles will most likely present themselves in situations where devices are unmanaged by typical patch deployment solutions or don’t allow OS-level patching by the user. As a result, we believe those systems may be likely conduits into business networks.”

This raises concerns that vulnerable machines may remain open to hackers from the discovery of the security hole onwards. However, there have been no reported attacks that have exploited the security hole beyond the confines of a test environment.

As such, the comparisons to WannaCry may be a tad exaggerated, but given how that ransomware managed to disrupt major NHS hospitals, the last thing needed is more security holes that could facilitate the spread of other ransomware-bearing worms.

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.
