Samba

Samba released a security update to address a remote code execution vulnerability, CVE-2017-7494, in Samba versions 3.5.0 (released in 2010) and up, leaving over 104,000 installations vulnerable. Successful exploitation of this vulnerability could allow a remote threat actor to upload and execute code, as well as take full control of the targeted system. Rapid7 warns that enterprise backup systems often use Samba to send data to network-attached storage (NAS) systems and other backup servers, and many Linux systems have Samba installed by default, leaving them vulnerable. Successful exploitation could have significant impacts and exploitation appears to be trivial; proof-of-concept code has already been shared on Twitter. The NJCCIC recommends Samba users and administrators review the security advisory, upgrade Samba to version 4.4.14, 4.5.10, or 4.6.4, apply the patch to versions 4.4.13, 4.5.9, and 4.6.3, or apply the available workaround if patching is unavailable. Additionally, enable firewall rules to prevent internal devices from receiving Server Message Block (SMB)/Samba network connections directly from the internet, and, if Samba is used to send data to backup systems, keep an offline backup of critical data.
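The following is an added example, not part of the advisory or of Samba itself: a Python triage helper that sorts an inventory of `smbd --version` banners by the affected range (3.5.0 and up) and the fixed releases named above. The host names and banners are constructed sample data, and the function names are hypothetical. A result of `vulnerable-by-version` is a prompt to check the package changelog, because a patched 4.4.13, 4.5.9 or 4.6.3 build, or a distribution backport, keeps the old version number.

```python
import re

# Fixed releases named in the advisory text, keyed by (major, minor) branch.
FIXED = {(4, 4): (4, 4, 14), (4, 5): (4, 5, 10), (4, 6): (4, 6, 4)}
FIRST_AFFECTED = (3, 5, 0)  # advisory: versions 3.5.0 and up

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(banner):
    """Extract (major, minor, patch) from text such as `smbd --version` output."""
    m = _VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None


def classify(banner):
    """Return 'not-affected', 'fixed', 'vulnerable-by-version' or 'unknown'."""
    v = parse_version(banner)
    if v is None:
        return "unknown"              # no version found: inspect the host by hand
    if v < FIRST_AFFECTED:
        return "not-affected"         # predates 3.5.0
    branch = v[:2]
    if branch in FIXED:
        return "fixed" if v >= FIXED[branch] else "vulnerable-by-version"
    if branch > max(FIXED):
        return "fixed"                # branches after 4.6 were released with the fix
    # 3.5.x through 4.3.x: affected, and the page lists no fixed release
    # for these branches, so the remedy is an upgrade, patch or workaround.
    return "vulnerable-by-version"


def triage(inventory):
    """Map each host to its classification; inventory is (host, banner) pairs."""
    return {host: classify(banner) for host, banner in inventory}


# Constructed sample inventory (hypothetical hosts and banners).
SAMPLE_INVENTORY = [
    ("nas-01", "Version 4.5.9-Ubuntu"),
    ("nas-02", "Version 4.6.4"),
    ("backup-01", "Version 4.3.11-Ubuntu"),
    ("legacy-01", "Version 3.4.17"),
    ("files-01", "Version 4.7.0"),
    ("app-07", "smbd: command not found"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:10} {status}")
```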