Following on from the win xp bug that allowed remote execution..

I hope linux users have fixed their file sharing exploit..
CVE-2017-7494
Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writeable share, and then cause the server to load and execute it.
version 3.5 onwards, so from 2010.
I wonder why all those eyes looking over open source code haven't spotted it earlier?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Many Linux users (myself included) don't run Samba. You only need it if you want to network with Windows machines, which I don't.
--
Chris Green
·

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 30/05/2017 22:04, Chris Green wrote:

Or with any other consumer device (admittedly probably a limited number) that understands smb but not nfs.
SteveW
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 30/05/17 22:53, Steve Walker wrote:

or sshfs.

--
Religion is regarded by the common people as true, by the wise as
foolish, and by the rulers as useful.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 30/05/2017 22:04, Chris Green wrote:

I think you will find *most* linux users run samba and need the fix. The desktop linux market is tiny compared to NAS, etc.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Well if you're including *all* Linux systems (not just desktops and laptops) then again I doubt if it's 'most' as the majority will be systems which again don't use samba/cifs. For example most domestic routers *don't* offer file sharing, nor do PVRs and other similar systems (the PVRs etc. might be clients). It's only NAS boxes that would have Samba servers and I bet they're quite rare compared with routers, PVRs, etc.
--
Chris Green
·

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 31/05/17 09:03, Chris Green wrote:

And no server worth its salt on the public internet would run Samba either.
Samba is used when you have winPCS and OSX machines that need to access a local usually corporate or domesetic NAS server.
--
Canada is all right really, though not for the whole weekend.

"Saki"
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Wed, 31 May 2017 09:43:13 +0100, The Natural Philosopher wrote:

I run Samba on one server - the house file server. It also serves NFS, so the majority of systems in the house use that.
I have a Windows PC for work stuff (relatively rarely used) and so does SWMBO (same reason). I have another old one that runs the chip programmer and little else. One son has a Windows laptop and the other a Macbook. The Samba server is the domain controller, and so all profiles get backed up. Home directories on the server.
All completely firewalled off, and yes, I have also applied the latest fix.
--
My posts are my copyright and if @diy_forums or Home Owners' Hub
wish to copy them they can pay me £1 a message.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 31/05/2017 09:03, Chris Green wrote:

Lots of routers have samba servers, they use their USB ports to share disks and/or printers. They probably won't get a fix.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

Lots, yes, but not most by any means.
--
Chris Green
·

Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 31/05/17 16:19, Chris Green wrote:

And the bug isn't in the server side, its in the WINDOWS CLIENT.
As long as you are not running windows sharing on a windows desktop, you are safe.
So all this discussion about linux servers and samba is a complete red herring.
--
New Socialism consists essentially in being seen to have your heart in
the right place whilst your head is in the clouds and your hand is in
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 31/05/2017 18:57, The Natural Philosopher wrote:

Don't talk rubbish. Its a bloody linux bug.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
The Natural Philosopher wrote:

Assuming you're talking about the ms17-010 "wannacrypt" bug?

i.e. you mean not running the default configuration.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 31/05/17 19:52, Andy Burns wrote:

Default before IIRC windows Vista
AND you have to be connected to te 'net without a firewalled NAT router...and ..and
--
“Some people like to travel by train because it combines the slowness of
a car with the cramped public exposure of 
an airplane.”
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
The Natural Philosopher wrote:

still the default today.

Nobody in their right mind opens TCP/445 (or 138, 139) from the internet, but you're vulnerable from any other infected machine on your LAN.
Windows 7 and above *is* slightly more sensible about bringing up/down the firewall depending whether it considers you're on a network that's part of a domain your machine is joined to, or at home (likely behind NAT) or on a parkbench sniffing free wifi.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
Chris Green wrote:

If I just installed Samba yesterday would it have a fix?
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On Thu, 01 Jun 2017 09:51:44 +1000, FMurtz wrote:

A single line added to smb.conf will make it safe. The fix is now out there.
--
My posts are my copyright and if @diy_forums or Home Owners' Hub
wish to copy them they can pay me £1 a message.
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 01/06/17 00:51, FMurtz wrote:

#No, because it never had the problem,
What about 'the fault was in windows SMB clients' did you not understand?
No fix to linux will affect a windows machine
--
"If you don’t read the news paper, you are un-informed. If you read the
news paper, you are mis-informed."
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
The Natural Philosopher wrote:

The fault was in the Windows SMB *SERVER* which is part of both desktop and server versions of windows
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload
On 01/06/17 06:58, Andy Burns wrote:

Not what I understood. You have a link to elucidate that?
Anyway, it wasnt in Samba server was it?
--
Those who want slavery should have the grace to name it by its proper
name. They must face the full meaning of that which they are advocating
  Click to see the full signature.
Add pictures here
<% if( /^image/.test(type) ){ %>
<% } %>
<%-name%>
Add image file
Upload

HomeOwnersHub.com is a website for homeowners and building and maintenance pros. It is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.