NCSC warns against the advent of a serious Samba leak exploit
The National Cyber Security Center expects an exploit to be released soon for a recently patched vulnerability in Samba as proof-of-concept code is available. More than 100,000 online systems are said to be vulnerable.
The NCSC has the warning for the Samba leak scaled up to ‘severe’ due to the expectation of exploits appearing. It was revealed this week that Samba contains a vulnerability that would allow a remote authentication attacker to upload a shared library to a shared directory, have it run by the server, and execute arbitrary code with root privileges.
The vulnerability affects all versions of Samba as of 3.5.0. The developers have a patch released for Samba 4.6.4, 4.5.10 and 4.4.14 and for the older versions there is a workaround. The NCSC puts on a queue that there are also patches for Red Hat, FreeBSD, Suse and Ubuntu, among others.
Security company Rapid7 warns that many users of, say, network storage are running Samba without probably realizing it. After a scan, the company finds that 104,000 Internet-connected systems are vulnerable, nearly 90 percent of which are running a Samba version for which the direct patch is not available.