
I do understand that basically all versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability. And there is even PoC code to check for myself whether a specific server is vulnerable. But I do not understand under what exact circumstances a server is vulnerable. Rapid7 wants to tell who is affected, but does not provide a concrete answer to this.

Some sources say that the attacker has to have authorized access with write permissions. But this information does not satisfy me. What is the exact combination of states and events that lets an attacker exploit this vulnerability?

anon

1 Answer


You are exposed to this vulnerability only if:

  • You are using Samba versions 3.5.0 to 4.4.14, 4.5.10, and 4.6.4
  • The intruder has a valid credential for accessing the Samba server
  • You have a shared writable folder that is accessible to the intruder, so that he can save the payload (shared library).

So, if the above requirements are met, then the intruder can exploit the vulnerability.

According to Red Hat,

A remote code execution flaw was found in Samba. A malicious authenticated samba client, having write access to the samba share, could use this flaw to execute arbitrary code as root.

arif
  • 1,088
  • 13
  • 24
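To check the writable-share condition from the answer on your own server, the sketch below lists the shares in an smb.conf that a client could write to. It is an added example, not part of the question or the answer; the function names and the sample configuration are constructed for illustration, and it looks only at share settings, not at filesystem permissions or which accounts exist.

```python
import re

# smb.conf(5): these three are inverted synonyms of "read only".
INVERTED = {"writeable", "writable", "write ok"}
TRUE = {"yes", "true", "on", "1"}  # boolean spellings, case-insensitive
NOT_FILE_SHARES = {"global", "printers"}  # assumption: [homes] is audited too

def parse_smb_conf(text):
    """Return {section: {param: value}}, folding synonyms into 'read only'."""
    sections, current = {}, None
    for raw in text.replace("\\\n", "").splitlines():  # join continued lines
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            key, value = " ".join(key.lower().split()), value.strip()
            if key in INVERTED:  # writable = yes  ==  read only = no
                key, value = "read only", "no" if value.lower() in TRUE else "yes"
            current[key] = value  # a later setting overrides an earlier one
    return sections

def writable_shares(text):
    """Map each share a client could write to onto the setting that allows it."""
    conf = parse_smb_conf(text)
    defaults = {"read only": "yes", "write list": "", **conf.get("global", {})}
    found = {}
    for name, params in conf.items():
        if name in NOT_FILE_SHARES:
            continue
        effective = {**defaults, **params}  # share settings override [global]
        if effective["read only"].lower() not in TRUE:
            found[name] = "read only = no"
        elif effective["write list"].strip():  # write list beats read only
            found[name] = "write list = " + effective["write list"]
    return found

# Constructed sample configuration, not taken from any real server.
SAMPLE = """[global]
[public]
writable = yes
[docs]
read only = yes
[team]
write list = @staff
"""
```

Calling `writable_shares(open("/etc/samba/smb.conf").read())` (path is the common default, adjust as needed) returns the shares to review; an empty result means no share definition grants write access.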