Samba is the implementation of the Server Message Block (SMB) protocol on Unix boxes. The Samba group has fixed a couple of exploitable vulnerabilities, including the Unix equivalent of the EternalBlue exploit used in the recent WannaCry(pt) ransomware attacks.
As per CVE-2017-7494, April 4, 2017: “Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.” This has been fixed by the Samba development group:
| Date | Patch | Issue | Affected versions |
|---|---|---|---|
| 24 May 2017 | patch for Samba 4.6.3, 4.5.9, 4.4.13 | Remote code execution from a writable share. | All versions between Samba 3.5.0 and 4.6.4/4.5.10/4.4.1 |
If you cannot upgrade, exploitation can be avoided by putting the directive:
nt pipe support = no
into the smb.conf file and restarting the “smbd” service or the device.
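To confirm the workaround is actually in effect, the following added example (not part of the original post or of Samba itself) audits an smb.conf file. The function name `nt_pipe_mitigated` is hypothetical, and the check assumes the directive must sit in the `[global]` section, as the Samba advisory for this CVE states.

```shell
#!/bin/sh
# Added example: audit an smb.conf for the CVE-2017-7494 workaround.
# Returns 0 when the effective [global] value of "nt pipe support" is a
# false boolean, 1 when it is missing or enabled (the Samba default is yes).
# Assumption: "include =" files are not followed; run it on each file.
nt_pipe_mitigated() {
    awk '
    BEGIN { section = "global"; value = "yes" }
    /^[ \t]*[#;]/ { next }                  # comment lines
    /^[ \t]*\[/ {                           # section header
        s = tolower($0)
        sub(/^[ \t]*\[/, "", s)
        sub(/\].*$/, "", s)
        gsub(/[ \t]/, "", s)
        section = s
        next
    }
    section == "global" && index($0, "=") {
        # only the first "=" is significant; names ignore case and whitespace
        name = tolower(substr($0, 1, index($0, "=") - 1))
        gsub(/[ \t]/, "", name)
        if (name == "ntpipesupport") {      # the last occurrence wins
            value = tolower(substr($0, index($0, "=") + 1))
            gsub(/^[ \t]+|[ \t\r]+$/, "", value)
        }
    }
    END { exit !(value ~ /^(no|false|off|0)$/) }
    ' "$1"
}

# Constructed sample: the directive is commented out in [global] and then
# placed in a share section, where a global parameter has no effect.
demo_conf=$(mktemp)
printf '%s\n' '[global]' '  workgroup = EXAMPLE' '; nt pipe support = no' \
    '[public]' '  writable = yes' '  nt pipe support = no' > "$demo_conf"
if nt_pipe_mitigated "$demo_conf"; then
    echo "nt pipe support disabled in [global]"
else
    echo "NOT mitigated: nt pipe support is still enabled"
fi
rm -f "$demo_conf"
```

On a host with Samba installed, `testparm -s --parameter-name="nt pipe support"` reports the value the server itself parsed, which also covers included files.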
Most Network Attached Storage (NAS) servers use Samba, and they can often be found outside the firewall for access purposes. Synology and Netgear have software updates for their products. I put forth an inquiry to Drobo.
The three major forks of Linux distributions, Slackware (’92), Debian (’93), and Red Hat/Fedora (’94), all have updated Samba packages that should be installed.
The three major forks of BSD distributions, FreeBSD, OpenBSD, and NetBSD, also have updated Samba packages.