myhack58 | 佚名 (Anonymous) | MYHACK58:62201786477
History: May 25, 2017 - 12:00 a.m.

Vulnerability warning | Samba remote code execution vulnerability, affecting versions going back 7 years - vulnerability warning - myhack58 (Black Bar Safety Net)

2017-05-25 00:00:00 | 佚名 (Anonymous) | www.myhack58.com

CVSS3: 9.8 High
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector: NETWORK | Attack Complexity: LOW | Privileges Required: NONE | User Interaction: NONE | Scope: UNCHANGED | Confidentiality Impact: HIGH | Integrity Impact: HIGH | Availability Impact: HIGH

CVSS2: 10 High
AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: NETWORK | Access Complexity: LOW | Authentication: NONE | Confidentiality Impact: COMPLETE | Integrity Impact: COMPLETE | Availability Impact: COMPLETE

EPSS: 0.973 High (Percentile: 99.8%)

Samba is the SMB protocol server software for Linux and UNIX systems; it lets those systems share file systems, printers and other resources with other operating systems such as Microsoft Windows. The vulnerability affects releases going back 7 years, and an attacker can exploit it for remote code execution.
Vulnerability number
CVE-2017-7494
Affected versions
Samba 3.5.0 and later, up to but not including the fixed releases 4.6.4, 4.5.10 and 4.4.14
Vulnerability description
An attacker can exploit the vulnerability for remote code execution. The conditions for exploitation are:
1. The server exposes the file/printer sharing port (TCP 445) so that it is reachable, for example from the public Internet.
2. The attacker has write permission on a share.
3. The attacker knows or can guess the physical (server-side) path of the shared directory.
When these conditions are met the attack is straightforward: Samba can export any chosen directory as a network share, so a malicious client connects to a writable share, uploads a malicious shared library, and then asks the server to open that file as a named pipe using its server-side path; smbd loads the library and executes it, giving remote code execution. Depending on how the server is configured, the code may run as root, since that is the identity smbd usually runs under.
Vulnerability impact
The Samba vulnerability is reminiscent of the WannaCry vulnerability that had just swept the world, and researchers suspect it has the same propagation characteristics.
When the vulnerability used by WannaCry first appeared, many people thought it would not have a great impact, because most people do not expose the file/printer sharing port to the public Internet. Those who held that view were quickly proved wrong: the damage WannaCry caused exceeded everyone's expectations.
According to Phobos Group founder Dan Tentler, about 477,000 computers with Samba installed expose port 445, although it is not known how many of them run an exploitable Samba version; Tentler was citing Shodan search results. Rapid7 researchers also compiled statistics and found about 110,000 computers running Samba versions that are no longer officially supported, meaning no patch exists for them. The potential impact of this Samba vulnerability can therefore be imagined.
![](/Article/UploadPic/2017-5/2017525224351726.jpg?www.myhack58.com)
Unlike Windows, where SMB is enabled by default, Samba's SMB service is not enabled by default on Linux and must be installed and configured manually.
One plausible attack scenario: the attacker first compromises a NAS on a home network, because NAS devices are more likely to expose their file sharing port to the public Internet, and then pivots from the NAS to attack the rest of the LAN.
Exploit
Metasploit (msf) has added a dedicated module for this vulnerability (exploit/linux/samba/is_known_pipename), which can be used for testing.
![](/Article/UploadPic/2017-5/2017525224351595.jpg?www.myhack58.com)
Bug fixes
The safest approach is to apply the patch or upgrade to Samba 4.6.4, 4.5.10 or 4.4.14 (or a later release); see the Samba release announcements for details.
If you cannot upgrade or patch right away, use the temporary workaround: add the following parameter to the [global] section of smb.conf:

```
[global]
    nt pipe support = no
```

Then restart the smbd service. Note that this blocks clients from reaching any named-pipe endpoint, which removes some functionality Windows clients expect, so treat it as a stopgap until the server is patched.
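As an added example (not part of the original article, and not Samba project code), the following Python script checks a host against the three exploitation conditions and the workaround described above: it compares a Samba version string against the fixed releases, parses smb.conf to list writable shares (honouring Samba's `read only` / `writable` synonyms and `[global]` defaults), and reports whether `nt pipe support = no` is set. The smb.conf text and version strings are constructed for the example.

```python
import re

# Fixed releases from the advisory, keyed by (major, minor) branch.
FIXED = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}
FIRST_AFFECTED = (3, 5, 0)
# 'read only' is Samba's canonical parameter; these are its inverted synonyms.
SYNONYMS = {"writable": "readonly", "writeable": "readonly", "writeok": "readonly"}


def _truthy(val):
    """Samba boolean: yes/true/1 are true, anything else is false."""
    return val.strip().lower() in ("yes", "true", "1")


def parse_version(text):
    """(major, minor, patch) from strings like '4.4.13-Ubuntu' or 'Samba 3.6.25'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(x) for x in m.groups())


def is_vulnerable_version(text):
    """True if in the affected range and below the branch's fix. Branches older
    than 4.4 were out of support and got no fix; 4.7+ shipped after the fix."""
    v = parse_version(text)
    if v < FIRST_AFFECTED:
        return False
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return v[:2] < (4, 4)
    return v < fixed


def parse_smb_conf(text):
    """Minimal smb.conf parser -> {section: {param: value}}. Samba ignores case and
    whitespace in parameter names ('NT Pipe Support' -> 'ntpipesupport'), the
    last assignment wins, and 'writable = yes' is stored as 'readonly = no'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, val = line.split("=", 1)
            key, val = re.sub(r"\s+", "", key).lower(), val.strip()
            if key in SYNONYMS:
                key, val = SYNONYMS[key], ("no" if _truthy(val) else "yes")
            sections[current][key] = val
    return sections


def writable_shares(conf):
    """Shares a client can write to (condition 2). 'read only' in [global] is the
    default for every share; Samba's built-in default is read only = yes.
    [printers] is skipped: print spooling is not evaluated here."""
    default = conf.get("global", {}).get("readonly", "yes")
    return sorted(name for name, params in conf.items()
                  if name not in ("global", "printers")
                  and not _truthy(params.get("readonly", default)))


def workaround_applied(conf):
    """True when [global] sets 'nt pipe support = no' (Samba's default is yes)."""
    return not _truthy(conf.get("global", {}).get("ntpipesupport", "yes"))


def audit(version_text, smb_conf_text):
    """Exploitable only on an unfixed version with a writable share and without
    the named-pipe workaround. Condition 3 (the share's server-side path, the
    'path' parameter) is something the attacker must guess; it is not scored."""
    conf = parse_smb_conf(smb_conf_text)
    report = {"vulnerable_version": is_vulnerable_version(version_text),
              "writable_shares": writable_shares(conf),
              "nt_pipe_support_disabled": workaround_applied(conf)}
    report["exploitable"] = (report["vulnerable_version"]
                             and bool(report["writable_shares"])
                             and not report["nt_pipe_support_disabled"])
    return report


# Constructed sample smb.conf (not from any real host) for the example.
SAMPLE_SMB_CONF = """\
[global]
   workgroup = WORKGROUP
   server string = home NAS
[public]
   path = /srv/samba/public
   guest ok = yes
   writable = yes
[docs]
   path = /srv/samba/docs
   read only = yes
"""

if __name__ == "__main__":
    print(audit("Samba 4.4.13-Ubuntu", SAMPLE_SMB_CONF))
    hardened = SAMPLE_SMB_CONF.replace("[global]", "[global]\n   nt pipe support = no", 1)
    print(audit("Samba 4.4.13-Ubuntu", hardened))
```

Run it against the output of `smbd -V` (or `smbd -b` on older builds) and the host's real smb.conf; a share reported as writable on an unfixed version with the workaround absent is exactly the combination the article's three conditions describe. The parser deliberately mirrors Samba's own name normalisation so that `Read Only = No` and `writeable = yes` are not missed.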
