The developers of Samba have plugged a critical remote code execution flaw that could allow a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
The open-source Samba project issued a high-severity advisory for a remote code execution vulnerability identified as CVE-2017-7494 on May 24. Unlike the Microsoft SMB flaw, which was allegedly discovered by the NSA and then stolen by Shadow Brokers hacker group, the Samba flaw was responsibly reported to Samba by a third party researcher using the alias ‘steelo’.
The vulnerability affects all versions of Samba from 3.5.0 onwards, which means that it was been introduced more than seven years ago.
It can be exploited with just one line of code, as long as a few conditions are met:
(a) make file- and printer-sharing port 445 reachable on the Internet
(b) configure shared files to have write privileges
(c) use known or guessable server paths for those files.”
There are already patches available for the issue, with the new release of Samba 4.6.4, 4.5.10 and 4.4.10. There are also patches available for older Samba 3.x versions.