Following the news about Samba Vulnerability Bob Rudis, Chief Data Scientist at Rapid7 commented below.
Bob Rudis, Chief Data Scientist at Rapid7:
“We strongly recommend that security and IT teams take immediate action to protect themselves from this vulnerability (Samba CVE-2017-7494). If there is a vulnerable version of Samba running on a device, and a malicious actor has access to upload files to that machine, exploitation is trivial.
In a Sonar scan run today, Rapid7 Labs discovered more than 104,000 endpoints (devices) exposed on the internet that appear to be running vulnerable versions of Samba (3.5 or later). Of those 104,000, almost 90% (92,570) appear to be running versions that are potentially vulnerable and for which there is currently no direct patch available.
We believe these vulnerable systems are likely conduits into organisation networks; but it’s also likely that many of these devices are personal, IoT devices. Many home and corporate network storage systems also run Samba, and it’s very straightforward to enable the Samba service on any Linux endpoint.
Organisations should be reviewing their official asset and configuration management systems to immediately identify vulnerable systems and then perform comprehensive and regular full network vulnerability scans to identify misconfigured or rogue systems. Many NAS environments are used as network backup systems; a direct attack or worm would render those backups almost useless. We advise that organizations create an offline copy of critical data as soon as possible if patching can not be done immediately.”
