What is the latest samba vulnability, and should I care?

Question

I've seen this post on Slashdot.

Quote: there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced. But she said it had taken researchers only 15 minutes to develop malware that made use of the hole.

Question: should I be worried about this, if i'm using Windows 7 and Ubuntu 16.04 LTS, both with latest patch?

Related: [“WannaCry” on Linux systems: How do you protect yourself?](https://unix.stackexchange.com/questions/367138/wannacry-on-linux-systems-how-do-you-protect-yourself) — Mike Ounsworth, May 25 '17 at 19:13

score 2 · Answer 1 · answered May 25 '17 at 19:21

2

The new Samba vulnerability is exploitable where the attacker has access to a writable SMB share.

So if , for example , you have a home network which doesn't expose port 445/TCP, you're unlikely to be directly affected by this issue.

Also applying all patches for your Operating Ssytems should address this.

One other thing to watch for is that devices such as Network Attached Storage systems can be vulnerable to this issue if they make SMB shares available.

answered May 25 '17 at 19:21

Rory McCune

60,923
14
136
217

+1 for NAS devices. Can you confirm that a samba patch is available for all (most?) linux distros? – Mike Ounsworth May 25 '17 at 20:00

What is the latest samba vulnability, and should I care?

1 Answers1