Security researchers discovered a severe vulnerability affecting Samba versions 3.5.0 and later. The flaw enables remote attackers to execute arbitrary code by uploading malicious shared libraries to writable network shares.
Vulnerability Details
CVE ID: CVE-2017-7494
Severity: Critical Remote Code Execution
The vulnerability allows “a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.” Exploiting this requires minimal effort - a single line of code suffices to trigger execution on vulnerable systems.
Impact & Prevalence
A global scan conducted on May 25, 2017 using masscan identified approximately 3.6 million unique hosts with port 445 exposed. The vulnerability affects numerous NAS devices and systems running vulnerable Samba versions.
Mitigation Options
Immediate Actions:
- Apply security patches from official Samba repositories
- For unsupported versions, add
nt pipe support = noto Samba configuration and restart the service
nt pipe support = no
Available Resources
- Official patches and security advisories
- Multiple public exploits (PoC, Metasploit module, Exploit-DB variants)
- Demonstrated working exploits on Ubuntu 16.04 and Synology NAS devices
The vulnerability has potential for wormable payloads similar to WannaCry due to the ease of exploitation and widespread exposure.
Recommendations
- Apply official patches immediately
- Disable nt pipe support as temporary mitigation
- Audit Samba share configurations
- Monitor for exploitation attempts