肆虐全球Windows设备的“永恒之蓝”勒索病毒攻击余波未平,一个Linux版的“永恒之蓝”又出现了。
360官方博客25日紧急发布了Samba远程代码执行漏洞警报(CVE-2017-7494)。
Samba是在Linux和Unix系统上实现SMB协议的开源软件,正广泛应用在Linux服务器、NAS网络存储产品以及路由器等各种IoT智能硬件上。
360方面介绍,与Windows版的“永恒之蓝”相比,Samba漏洞相对比较简单、更容易被攻击,而且同样威力巨大,可以远程执行任意代码。其漏洞攻击工具也已在网上公开,很可能被不法分子恶意利用。
对普通个人用户来说,Samba漏洞会对各种常用的智能硬件造成严重威胁。例如,全球流行的路由器开源固件OpenWrt就受到Samba漏洞影响,可能导致路由器被黑客控制,劫持或监听网络流量,甚至给上网设备植入木马。此外,包括智能电视等设备中,Samba文件共享也是常用的服务。
针对各类智能硬件用户,建议用户及时关闭路由器、智能电视等设备的Samba文件共享服务,等待固件进行安全更新后再开启Samba。
[infobox]解决方案
360网络安全响应中心和360信息安全部建议使用受影响版本的用户立即通过以下方式来进行安全更新操作,
使用源码安装的Samba用户,请尽快下载最新的Samba版本手动更新;
使用二进制分发包(RPM等方式)的用户立即进行yum,apt-get update等安全更新操作;
缓解策略:用户可以通过在smb.conf的[global]节点下增加 nt pipe support = no 选项,然后重新启动samba服务, 以此达到缓解该漏洞的效果。[/infobox]
漏洞来源:
CVE-2017-7494.html:====================== Subject: Remote code execution from a writable share.==== CVE ID#: CVE-2017-7494==== Versions: All versions of Samba from 3.5.0 onwards.==== Summary: Malicious clients can upload and cause the smbd server== to execute a shared library from a writable share.=====================Deion===========All versions of Samba from 3.5.0 onwards are vulnerable to a remotecode execution vulnerability, allowing a malicious client to upload ashared library to a writable share, and then cause the server to loadand execute it.==================Patch Availability==================A patch addressing this defect has been posted to http://www.samba.org/samba/security/Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued assecurity releases to correct the defect. Patches against older Sambaversions are available at http://samba.org/samba/patches/. Sambavendors and administrators running affected versions are advised toupgrade or apply the patch as soon as possible.==========Workaround==========Add the parameter:nt pipe support = noto the [global] section of your smb.conf and restart smbd. Thisprevents clients from accessing any named pipe endpoints. Note thiscan disable some expected functionality for Windows clients.=======Credits=======This problem was found by steelo
本文转至互联网
