Linux operating systems are considered extremely secure. However, they have security gaps, just like any other software. The famous WannaCry worm exploited a vulnerability in the SMB implementation in Microsoft systems. It appears that a similar hole has been found in Linux systems, more specifically in the Samba package.

Maybe not everyone is aware of this, but the familiar Network Neighbourhood is not an invention of Microsoft. It is based on the cross-platform protocol implemented by Samba, which is also supported by all Linux distributions and Apple computers. Yes, macOS is able to communicate with Windows, and you can easily exchange files between these operating systems. This protocol is also used to share network printers and disks. Therefore, if someone has a home NAS based on Linux, that device is also at risk.

The vulnerability has existed in the Samba server application since version 3.5.0.

What does it have to do with WannaCry? Just like the EternalBlue exploit, it allows remote code execution. Luckily, the attacker is limited by the best Linux security mechanism, i.e. the privilege system. All commands will be executed with the rights of the samba user, which may simply not have access to the real user's files. Interestingly, the vulnerability has existed for 7 years and no one had (at least officially) discovered it earlier. The problem was reported by a man with the nickname steelo. It is quite possible that he was looking for this type of vulnerability after the WannaCry incident.

The error is already fixed in Samba 4.6.4, 4.5.10 and 4.4.14.

These 3 branches are officially maintained and the developers provide security patches for them. The fixes are already in the repositories of all major distributions. For example, if you use the popular Ubuntu, you just have to type 2 commands (sudo apt-get update and sudo apt-get upgrade) and the problem is solved. On the other hand, if for some reason you are using a version of Samba for which a fix has not been released yet, you can easily deactivate the problematic code fragment. In the [global] section of the smb.conf file, just add the parameter:

nt pipe support = no

For this change to take effect, the smbd process still has to be restarted. Unfortunately, this solution will disable some functionality that is used by Windows client systems.
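
The two checks described above (the installed version against the fixed releases, and the workaround in smb.conf) can be scripted for an audit. The following Python is an added example, not part of the original article; the function names and the sample configuration are constructed for illustration, and the treatment of branches newer than 4.6 is an assumption.

```python
import re

# Version numbers from the article: present since 3.5.0, fixed in
# 4.6.4, 4.5.10 and 4.4.14 (the three maintained branches).
FIRST_VULNERABLE = (3, 5, 0)
FIXED = {(4, 6): (4, 6, 4), (4, 5): (4, 5, 10), (4, 4): (4, 4, 14)}

def is_affected(version_text):
    """Judge an upstream version string such as 'Version 4.5.9'.
    Distribution packages can carry the fix under an older upstream
    number, so True means 'check the package changelog'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError("no x.y.z version in %r" % version_text)
    v = tuple(int(p) for p in m.groups())
    if v < FIRST_VULNERABLE:
        return False
    if v[:2] in FIXED:
        return v < FIXED[v[:2]]
    # Assumption: branches after 4.6 include the fix; branches before
    # 4.4 have no fixed release listed in the article.
    return v[:2] < (4, 4)

def workaround_set(conf_text):
    """True if [global] sets 'nt pipe support' to a false value."""
    section, disabled = None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # smb.conf ignores case and whitespace in parameter names
            if "".join(name.split()).lower() == "ntpipesupport":
                disabled = value.strip().lower() in ("no", "false", "0")
    return disabled

def needs_action(version_text, conf_text):
    """Affected version and no workaround in the configuration."""
    return is_affected(version_text) and not workaround_set(conf_text)

# Constructed sample input, not taken from a real host.
SAMPLE_CONF = "[global]\n  workgroup = HOME\n  NT Pipe Support = No\n[share]\n  path = /srv\n"

if __name__ == "__main__":
    print(needs_action("Version 4.5.9", SAMPLE_CONF))   # workaround present
    print(needs_action("Version 4.5.9", "[global]\n"))  # unpatched, no workaround
```

On a real host the inputs would be the output of smbd --version and the contents of smb.conf.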

Source: CERT