Questions have been raised on whether this vulnerability could pose the same risk as Wanna Cry, and this vulnerability does bear some similarities, but there are some key differences.Similar to the vulnerability exploited by Wanna Cry, this exploit targets SMB, albeit a different implementation of the protocol.Qualys has provided several QIDs for detecting this vulnerability using Qualys Vulnerability Management, and will continue to add details as vendors release additional patches.38671 Samba Writable Share Remote Code Execution Vulnerability 170002 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2091-1) 170003 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2092-1) 170004 SUSE Enterprise Linux Security Update for samba (SUSE-SU-2093-1) 196791 Ubuntu Security Notification for Samba Vulnerability (USN-3296-1) 236359 Red Hat Update for samba (RHSA-2017-1270) 236360 Red Hat Update for samba4 (RHSA-2017-1271) 236361 Red Hat Update for samba3x (RHSA-2017-1272) 157455 Oracle Enterprise Linux Security Update for samba (ELSA-2017-1270) 157456 Oracle Enterprise Linux Security Update for samba4 (ELSA-2017-1271) 176040 Debian Security Update for samba (DSA 3860-1)QID 38671 offers remote (unauthenticated) detection of the vulnerability by identifying the underlying samba version.The other vendor-specific QIDs require authentication and will identify the vendor-specific patch needed for remediation.However, this vulnerability remains much more difficult to exploit, because it requires not only outdated software but also a specific configuration, such as anonymous write access to a share.Still, examples like this Samba vulnerability only continue to reinforce the ongoing need for continuous security visibility to prioritize patching and system configuration updates and for full data backups of critical files to ensure business resiliency.
Note this can disable some expected functionality for Windows clients.” As with any workarounds, this should be fully tested in your environment before a large-scale deployment is performed.
Samba is open source software that enables file and print sharing using the SMB file-sharing protocol.
This vulnerability potentially affects the following products because they use Samba version 3.5.0 or later: NETGEAR strongly recommends that all affected users download the firmware update that fixes the remote code execution vulnerability for their product as soon as it is available.
You can perform an automatic firmware update for many Ready NAS models by logging in to your Ready NAS system, waiting for the pop-up notification that new firmware is available, and confirming that you want to upgrade.
You can also perform a manual update using the steps below.
When you sign in to comment, IBM will provide your email, first name and last name to DISQUS.