
Editorial Samba at Risk from Wormable Bug Similar to WannaCry: Present on Many NAS boxes

Joined
Aug 20, 2007
Messages
20,760 (3.41/day)
Samba, the open source implementation of the Windows CIFS file sharing protocol found on Linux and many home NAS-systems, now has its own version of a "WannaCry" grade bug ready to cause users grief. Like WannaCry, Samba's bug enables remote code execution and is totally wormable. Unlike WannaCry however, it does require write access to the SMB share, limiting its effect unless you run an unauthenticated share on the internet.

So why is this newsworthy at all? It is of course newsworthy in its own right because of bad security practices that run rampant in our industry, I would argue, but that's not really why I posted this, I will confess. Yes, I'm trying to make a point again with that blunt instrument we call "editorial." I do apologize for the inconvenience (not really).




Moving onwards to my point, what I found interesting about this particular report was that the issue was reported by none other than a government agency, and not one known for being exactly a beacon of exploit reporting: The U.S. Department of Homeland Security.

Maybe I'm jumping the gun a bit, just maybe, but could it be that after WannaCry, the government is starting to realize stockpiling exploits is not good for cyber security as a whole, and beginning to report them instead? Certainly interesting to see a government agency report an issue like this that could be used for monitoring people or something. Maybe the impact of WannaCry was to wake our government up a bit in a positive way?

I'm a positive thinking man, but even I find that a bit hard to believe from just one incident. Maybe though, this is the start of something new. I can hope. Let's keep watching and see if this trend continues.

How do you feel about this? Is the stockpiling of exploits a legitimate strategy in cyber-warfare? Should it be stopped? Expanded? If so, how far is too far? And is this evidence of a change of governmental policy in the US? Let us know what you think below.

 
Joined
Aug 20, 2007
Messages
20,760 (3.41/day)
It's marked "editorial" as per usual people. It may be more tame than many of my usual ones, but it's still an opinion, don't take any of this as fact or use the medication other than directed. If you do, contact poison control immediately.

Oh, and if you actually run an unprotected share on the internet, update your samba version, and get yourself a frickin' firewall.
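The precondition discussed in this thread (write access to a share, worst when the share is unauthenticated) can be checked on your own server. The following is an added example, not part of the original posts: it flags `smb.conf` shares that are both guest-accessible and writable. The function names and sample configuration are constructed for illustration, and the parser assumes a single file with no `include` directives or line continuations.

```python
TRUE = {"yes", "true", "1"}
# smb.conf synonyms -> (canonical parameter, value is inverted?)
ALIASES = {
    "guest ok": ("guest ok", False), "public": ("guest ok", False),
    "read only": ("read only", False), "write ok": ("read only", True),
    "writable": ("read only", True), "writeable": ("read only", True),
}

def parse_smb_conf(text):
    """Return {section: {param: bool}} for the audited parameters only."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
        elif current and "=" in line and line[0] not in "#;":
            key, value = line.split("=", 1)
            key = " ".join(key.lower().split())  # case/spacing-insensitive
            if key in ALIASES:
                name, invert = ALIASES[key]
                sections[current][name] = (value.strip().lower() in TRUE) != invert
    return sections

def guest_writable_shares(text):
    """List shares that are both guest-accessible and writable."""
    conf = parse_smb_conf(text)
    # Samba defaults (read only = yes, guest ok = no), overridden by [global].
    defaults = {"guest ok": False, "read only": True, **conf.get("global", {})}
    effective = {n: {**defaults, **p} for n, p in conf.items() if n != "global"}
    return sorted(n for n, e in effective.items()
                  if e["guest ok"] and not e["read only"])

# Constructed sample configuration (not from the thread).
SAMPLE = """
[global]
guest ok = no
[media]
public = yes
writeable = yes
[backups]
read only = no
[dropbox]
Guest OK = Yes
read only = No
[docs]
guest ok = yes
"""
print(guest_writable_shares(SAMPLE))
```

Any share this reports should either require authentication or be made read-only, in addition to updating Samba and keeping the SMB ports behind a firewall as the post advises.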
 
Joined
Jul 5, 2013
Messages
25,559 (6.49/day)
It's marked "editorial" as per usual people. It may be more tame than many of my usual ones, but it's still an opinion, don't take any of this as fact or use the medication other than directed. If you do, contact poison control immediately.

Oh, and if you actually run an unprotected share on the internet, update your samba version, and get yourself a frickin' firewall.
This is one of the reasons why I don't let anything connect to the internet unless it NEEDS it to function and then that something does not connect to my house network. Yes, I run two separate networks in my home. One wired with very limited Wifi with no connection to the internet at all, and the other Wifi with a few wired jacks that has very controlled internet access sitting behind two firewalls. This may seem like over-kill but in this age of everyone and their dog trying to steal other people's internet so they don't get into trouble for their illegal activities, one cannot be too careful.
 
Joined
Aug 20, 2007
Messages
20,760 (3.41/day)
This may seem like over-kill but in this age of everyone and their dog trying to steal other people's internet so they don't get into trouble for their illegal activities

 
Joined
Jul 16, 2014
Messages
8,116 (2.28/day)
Location
SE Michigan
Thanks for the opinion. I do agree that the USG is holding on too tight and doing more harm than good. Collecting exploits that wind up being used more often against its own citizens than on target countries. Call it stupidity when Wikileaks calls out the idiots trying to be secretive and end up showing how abusive they are with those "tools".
 

TheLostSwede

News Editor
Joined
Nov 11, 2004
Messages
16,054 (2.26/day)
Location
Sweden
The big concern here is "unsupported" devices, as there are most likely hundreds of thousands, if not millions of devices out there that run samba, but have fallen off the supported devices category from their original manufacturer. It means that they no longer receive software updates, but it doesn't mean the devices are useless. No company is going to go and release patches for devices that dropped off their supported devices list 4-5 years ago. These devices could be things like routers, web cameras and what not, in addition to just NAS appliances, as samba is used on anything that has remote accessible storage, so it's a rather scary thing, as so many of these devices have lax security. What's worse, many of these devices can't have the software updated, as it's an integral part of the firmware and changing samba version can break a lot of things.
 
Joined
Jul 23, 2011
Messages
1,586 (0.34/day)
Location
Kaunas, Lithuania
>using the SMB protocol to begin with
gee wiz...
 
Joined
Oct 25, 2014
Messages
49 (0.01/day)
Do we have a fast, open, easy-to-use protocol to replace SMB/CIFS that doesn't require setting up a server?
SMB 3.x? A lot of devices and most apps only support SMB1/CIFS.
WebDAV is more widely supported, but is not as easy as CIFS and apparently it's too slow.
 
Joined
Aug 20, 2007
Messages
20,760 (3.41/day)
Do we have a fast, open, easy-to-use protocol to replace SMB/CIFS that doesn't require setting up a server?
SMB 3.x? A lot of devices and most apps only support SMB1/CIFS.
WebDAV is more widely supported, but is not as easy as CIFS and apparently it's too slow.

Not really. I'd hardly call NFS and the like a "replacement" because it's completely unaware of all sorts of Windows specific things.
 