Newly Discovered Vulnerability Raises Fears Of Another WannaCry (reuters.com) 36

Posted by msmash from the security-woes dept.
A newly found flaw in widely used networking software leaves tens of thousands of computers potentially vulnerable to an attack similar to that caused by WannaCry, which infected more than 300,000 computers worldwide, cybersecurity researchers said on Thursday. From a Reuters report: The U.S. Department of Homeland Security on Wednesday announced the vulnerability, which could be exploited to take control of an affected computer, and urged users and administrators to apply a patch. Rebekah Brown of Rapid7, a cybersecurity company, told Reuters that there were no signs yet of attackers exploiting the vulnerability in the 12 hours since its discovery was announced. But she said it had taken researchers only 15 minutes to develop malware that made use of the hole. "This one seems to be very, very easy to exploit," she said. Rapid7 said it had found more than 100,000 computers running vulnerable versions of the software, Samba, free networking software developed for Linux and Unix computers.

  • Or something with more details?

    • You have to dig deep in the summary to get to know that Samba is the vulnerable piece of software, and the article has no technical detail. Would have been nice to get a real news title like "Critical vulnerability found in Samba on Linux", and yes, with a link the the CVE.

      It looks like the typical clickbait article. That's not what /. users want. We want some gravy, Crunch tech detail, specs, version numbers, and the most important thing, what version numbers are vulnerable and is it patched in the most

      • For these critical info, a quick search on Google news got me this. [betanews.com]

        Extract:

        All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it. A patch addressing this defect has been posted to http://www.samba.org/samba/security/ [samba.org] Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches... [samba.org]. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

    https://www.samba.org/samba/security/CVE-2017-7494.html

    All versions of Samba from 3.5.0 onwards are vulnerable to a remote
    code execution vulnerability, allowing a malicious client to upload a
    shared library to a writable share, and then cause the server to load
    and execute it.
    Add the parameter:

    nt pipe support = no

    to the [global] section of your smb.conf and restart smbd. This
    prevents clients from accessing any named pipe endpoints. Note this
  • So dangerous (Score:1)

    by Anonymous Coward

    I had to read till halfway through the last sentence to find out what software was actually effected.

    Keep up the clickbait

  • If it's a SAMBA vuln, put the word "SAMBA" in your headline or, at the very least, in first line of the summary.

    • Yeah, but Slashdot has always disliked Samba since time immemorial.

      I think it's because early Samba Team member Tim Potter (tpot) used to troll slashdot for fun, and CmdrTaco *hated* the trolls :-).

  • My favorite part is the photo caption on the reuters link:
    FILE PHOTO: A hooded man holds a laptop computer as blue screen with an exclamation mark is projected on him in this illustration picture taken on May 13, 2017.

  • had found more than 100,000 computers running vulnerable versions of the software

    Do you mean that there is 100,000 computers with samba exposed on internet? That is scary....

