Move over WannaCry, this easy-to-exploit 'Samba' flaw could be about to wreak havoc

The Samba vulnerability has been present in the software since 2010, researchers found (Image: iStock)

More than 100,000 computers are currently exposed to a vulnerability in Samba, the file-sharing software used on Unix and Linux systems, that can be triggered with a single line of code. Some experts say that, if left unchecked, it has the potential to be exploited on the same scale as WannaCry, the notorious strain of ransomware.

The bug lies in "Samba", the software that lets Unix and Linux systems share files and printers with Microsoft Windows machines over the SMB protocol, and affects every release of the past seven years. Rapid7, a cybersecurity firm analysing the vulnerability, said: "There's a lot of potential for it to get pretty nasty."

The firm found more than 104,000 internet-exposed machines running vulnerable Samba versions; 92,570 of them are on releases for which there is "no direct patch" available.


"[If] a malicious actor has access to upload files to that machine, exploitation is trivial," Rapid7 warned.

As Ars Technica reported, one security researcher found that the vulnerability could be triggered with a single line of code.

Home and corporate networks running any Samba release since 2010 have been exposed to remote code execution, which lets an attacker take complete control of the affected machine.

Rebekah Brown, a threat expert at Rapid7, told Reuters there was no indication the bug was being actively targeted by cybercriminals, but said that could quickly change. The fear is that, as with WannaCry, hackers will use the vulnerability to build a "worm" that spreads through networks on its own.

"This one seems to be very, very easy to exploit," Brown said.

Earlier this month WannaCry became a global phenomenon after it exploited a flaw in Windows' implementation of the same file-sharing protocol, SMB, to spread to more than 300,000 computers in 150 countries.

Unlike the Windows SMB service that WannaCry abused, Samba is not switched on by default on most systems and must be enabled manually.


In an advisory released this week (24 May), Samba's developers wrote: "Vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible." Rapid7 said more information would be released "in the next few days".

"Many home and corporate network storage systems run Samba and it is frequently installed by default on many Linux systems, making it possible that some users are running Samba without realising it," the cybersecurity firm said in a blog post.

"Given how easy it is to enable Samba on Linux endpoints, even devices requiring it to be manually enabled will not necessarily be in the clear.

"A workaround for unsupported and vulnerable older versions (3.5.x to 4.4.x) is available, and that same workaround can also be used for supported versions that cannot upgrade. We strongly recommend that security and IT teams take immediate action to protect themselves."
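A local triage check for the advice above, added here as an example and not taken from the article, Rapid7 or the Samba project. It relies on three facts from the Samba security advisory for this flaw (CVE-2017-7494): every release from 3.5.0 onward is affected, the fixed releases are 4.6.4, 4.5.10 and 4.4.14, and the documented workaround is `nt pipe support = no` in the `[global]` section of smb.conf. The function names, the sample configuration, the `/etc/samba/smb.conf` path and the assumed `Version 4.6.3-Ubuntu` banner format of `smbd --version` are constructed for the example.

```shell
#!/bin/sh
# Added example (CVE-2017-7494 triage). Not code from the article or from Samba.
# Facts: affected >= 3.5.0; fixed in 4.6.4, 4.5.10, 4.4.14; workaround
# "nt pipe support = no" under [global]. Names and sample data are assumed.

# Extract the dotted version from an assumed banner such as "Version 4.6.3-Ubuntu".
samba_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 (true) if the release is affected and has no upstream fix, else 1.
# Vendor suffixes such as "3-Ubuntu" are reduced to their leading digits.
is_vulnerable_version() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    major=${major%%[!0-9]*}; minor=${minor%%[!0-9]*}; patch=${patch%%[!0-9]*}
    major=${major:-0}; minor=${minor:-0}; patch=${patch:-0}
    if [ "$major" -lt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -lt 5 ]; }; then
        return 1                      # predates 3.5.0, where the bug was introduced
    fi
    if [ "$major" -gt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -ge 7 ]; }; then
        return 1                      # 4.7 and later shipped after the fix
    fi
    [ "$major" -eq 3 ] && return 0    # 3.5.x / 3.6.x: affected, no upstream patch
    case $minor in                    # 4.0 - 4.3: unsupported, fall through as affected
        4) [ "$patch" -ge 14 ] && return 1 ;;
        5) [ "$patch" -ge 10 ] && return 1 ;;
        6) [ "$patch" -ge 4 ]  && return 1 ;;
    esac
    return 0
}

# Return 0 if the smb.conf text passed as $1 carries the workaround in [global].
# Samba parameter names are case- and whitespace-insensitive, so normalise first;
# the setting is global, so a copy inside a share section does not count.
has_pipe_workaround() {
    printf '%s\n' "$1" | awk '
        { line = tolower($0); gsub(/[ \t]+/, "", line) }
        line ~ /^[#;]/ || line == "" { next }
        line ~ /^\[/ { section = line; next }
        section == "[global]" && line ~ /^ntpipesupport=(no|false|0)$/ { found = 1 }
        END { exit (found ? 0 : 1) }
    '
}

# Run both checks against the local host (assumed paths; not called at load time).
check_host() {
    command -v smbd >/dev/null 2>&1 || { echo "smbd not installed"; return 1; }
    ver=$(samba_version_from_banner "$(smbd --version)")
    if is_vulnerable_version "$ver"; then
        echo "Samba $ver: affected release, upgrade or apply the workaround"
    else
        echo "Samba $ver: not an affected release (still confirm vendor backports)"
    fi
    if [ -r /etc/samba/smb.conf ] && has_pipe_workaround "$(cat /etc/samba/smb.conf)"; then
        echo "smb.conf: workaround 'nt pipe support = no' is in place"
    fi
}

# Constructed sample configurations: a mitigated one with a writable share (the
# upload path an attacker needs), and one where the setting is misplaced.
SAMPLE_SMB_CONF='[global]
   workgroup = WORKGROUP
   ; mitigation from the Samba advisory
   NT Pipe Support = no

[public]
   path = /srv/samba/public
   writable = yes'

SAMPLE_SMB_CONF_NO_FIX='[global]
   workgroup = WORKGROUP

[public]
   path = /srv/samba/public
   writable = yes
   nt pipe support = no'

for v in 3.4.9 3.6.25 4.3.11 4.4.13 4.4.14 4.5.10 4.6.3-Ubuntu 4.6.4; do
    if is_vulnerable_version "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
if has_pipe_workaround "$SAMPLE_SMB_CONF"; then echo "sample config: workaround present"; fi
if has_pipe_workaround "$SAMPLE_SMB_CONF_NO_FIX"; then :; else echo "misplaced setting: not mitigated"; fi
```

Two caveats a practitioner should keep in mind. Distribution packages often backport security fixes without changing the upstream version string, so a version match alone is not proof of exposure; confirm against the vendor's advisory or changelog. The workaround itself, per the Samba advisory, can disable functionality some Windows clients expect, so it is a stopgap until the host can be upgraded, and NAS appliances such as the Netgear devices mentioned below need a firmware update from the vendor rather than an edited smb.conf.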

Netgear, the networking firm, has released patches for a number of its products because they ship Samba version 3.5.0 or later. The firm "strongly recommends" that all users download the firmware updates and stressed it is "not responsible for any consequences" if the fixes are ignored.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.