The SambaCry scare gives Linux users a taste of WannaCry-Petya problems
Image: MasterTuxThe SambaCry vulnerability is to Linux what WannaCry and Petya are to Windows: big security threats. Linux users are immune to most vulnerabilities and malware outbreaks that affect Windows users. But the recent discovery of a vulnerability in Samba (dubbed SambaCry) brought them back to reality. The vulnerability has since been fixed, but the discovery warrants a little discussion.
What is SambaCry?
SabmaCry is not malware like WannaCry or Petya. Instead, it is considered a vulnerability, which presents malware with a possible avenue for attack. The vulnerability–officially called CVE-2017-7494–was named SambaCry due to similarities to the vulnerabilities that WannaCry took advantage of.
SambaCry is a vulnerability in the Samba server service, which provides SMB/CIFS capability in Linux and Unix-based systems. SMB/CIFS is, basically a file and printer-sharing protocol that Windows uses. Linux systems are capable of using several file sharing protocols, but Samba is often used in mixed environments because Windows has a hard time reading Network File System (NFS) shares.
When a Linux server is running Samba, folders called CIFS shares will appear as a network folder for Windows users. Linux and Mac users can see these shares as well, but they must be running an SMB client. (Samba can serve as both a server and client.)
The SambaCry vulnerability allows a remote user to send executable code to the server hosting the CIFS share, and execute arbitrary code. That code can encrypt a file system and hold it for ransom, for instance. Needless to say, this was a big problem that had to be taken care of pronto.
Am I affected?
If you’re wondering if your Linux system is affected, the answer is, “probably.”
Affected systems can look very different. Any server that uses Samba to host files is potentially affected. That means if you share files from your Linux laptop, you could be affected. If you’re using a Raspberry Pi as a file server, it could be affected. If you’re using a Network Attached Storage (NAS) device, you could be affected.
While a system that is behind a firewall (i.e. not exposed to the Internet) is safer, all Samba users should be wary of this vulnerability.
Okay, I’m scared. What do I do?
The first thing to know before you get too freaked out is that Samba has already been patched for its 4.6, 4.5, and 4.4 branches. If you’re running a recent Linux OS (released in the past year or so), you’ll be running one of those branches. To protect yourself, you should simply upgrade the software on your device.
Normally, I’d be concerned about devices like NAS appliances because device manufacturers can be slow to provide updates. However, this vulnerability strikes at the core of NAS functionality, and major NAS providers have already offered patches to their operating systems. I checked my own Synology device (DS416j), which was updated to fix the vulnerability on May 25. I also checked QNAP’s website for an update to a random 4-bay NAS, and the software had been patched on May 27.
If you own a NAS, I highly recommend taking the time to update your NAS’s software immediately. If you don’t already have it enabled, enable automatic updates so that future vulnerabilities can be patched. Even though I have automatic updates enabled on my Synology, I’m the kind of person who wanted to check to ensure that the update didn’t silently fail.
If you’re running a home server on a Raspberry Pi or an old PC, take the time to update the system. If you’re running Ubuntu Server, simply type the commands sudo apt update and sudo apt upgrade into a terminal.
A friendly reminder
Although Linux systems rarely suffer the same type of desktop malware that affects Windows users, Linux is not completely secure purely by virtue of being Linux. Remember that just like Windows users, one of your best defenses is keeping your system up-to-date.
