>This Linux remote execution vulnerability (CVE-2017-7494) affects Samba, the Linux re-implementation of the SMB networking protocol, from versions 3.5.0 onwards (since 2010). The SambaCry moniker was almost unavoidable.
>The bug, however, has nothing to do with how Eternalblue works, one of the exploits that the current version of WannaCry ransomware packs with. While Eternalblue is essentially a buffer overflow exploit, CVE-2017-7494 takes advantage of an arbitrary shared library load. To exploit it, a malicious client needs to be able to upload a shared library file to a writeable share, afterwards it’s possible for the attacker to cause the server to load and execute it. A Metasploit exploit module is already public, able to target Linux ARM, X86 and X86_64 architectures.
http://hackaday.com/2017/05/25/linux-sambacry/
FREETARDS ON SUICIDE WATCH! ENJOY YOUR BOTNET!
patched already
sudo pacman -Rc smbclient
Couldn't you just patch port 445 as you do on Windows?
>>60630726
it's
>NOTHINGH
>>60630726
It was patched last week
>>60588516
This.
The post to end all of these Threads
>>60630726
Too bad it's:
- only affects the server and not the client
- only works if you allow any user write permissions (who in their right mind would allow that?!)
So yeah, almost no one is affected by it. Meanwhile, look at how much hysteria WannaCry causes.
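An added example, not part of the thread: a small smb.conf audit for the precondition named in the post above (a share that a client can write to), which also reports whether the `nt pipe support = no` workaround from the Samba advisory is set. The sample configuration and its share names are constructed for illustration.

```python
import re

# Constructed sample smb.conf; share names are made up for this example.
SAMPLE_CONF = """\
[global]
   map to guest = Bad User
[public]
   guest ok = yes
   read only = no
[media]
   read only = yes
[homes]
   writable = yes
"""
TRUE, FALSE = {"yes", "true", "1"}, {"no", "false", "0"}

def parse_smb_conf(text):
    """Return {section: {param: value}}; names lower-cased with spaces removed,
    since Samba treats "read only" and "readonly" as the same parameter."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip().lower()
    return sections

def is_writable(params):
    """Shares default to read only; flag any setting that opens them for write."""
    if params.get("readonly") in FALSE:
        return True
    return any(params.get(k) in TRUE for k in ("writable", "writeable", "writeok"))

def audit(text):
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    # [global] values act as defaults for every share section.
    shares = {name: {**glob, **params} for name, params in conf.items()}
    writable = sorted(n for n, p in shares.items() if is_writable(p))
    guest = [n for n in writable
             if TRUE & {shares[n].get("guestok"), shares[n].get("public")}]
    return {"pipe_workaround": glob.get("ntpipesupport") in FALSE,
            "writable": writable, "guest_writable": guest}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

The check over-reports on purpose and does not follow `include` lines or `write list` entries; feeding it the output of `testparm -s` covers the effective configuration.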
>>60630726
>To exploit it, a malicious client needs to be able to upload a shared library file to a writeable share
Oh wow, even if it wasn't patched already
IT'S FUCKING NOTHING
>>60630764
sudo pacman -Rc smbclient
checking dependencies...
Package (2) Old Version Net Change
mpv 1:0.25.0-3 -4.06 MiB
smbclient 4.6.4-1 -24.45 MiB
Total Removed Size: 28.51 MiB
:: Do you want to remove these packages? [Y/n] no i want to keep mpv
>>60630726
>Allowing samba to write data
Never would I let little winbabies write to my hard drive
>>60630726
>sambacry
What the shit were they thinking naming it like that?
Wannacry at least came from the ransomware name, Wana crypt.
Also, they're making this out to be a huge deal when really it is less of an issue than the SMB exploit because it is far less likely that an SMB share will be configured to be writeable from the Internet.
>>60630726
>patched already
>can be fixed with a flag
>using samba
>using smb/samba with fucking open network ports
>letting random retards communicate to ports for your network shares
There's a whole lot of non-issue here, don't get me wrong yes it's an exploit but only one retards would fall for. This isn't shit enabled and running by default like windows, this is shit that only a specific amount of retards let themselves become vulnerable towards.
>wincucks deflecting
Nice try, enjoy your spyware.
Nobody has internet facing smb shares so this quite literally doesn't fucking matter.
>>60630726
>FREETARDS ON SUICIDE WATCH! ENJOY YOUR BOTNET!
What did he mean by this?
>>60631181
>exploit on windows
>OMFG! LOL Xd WINKEKS BOTNET MUHHG
>exploit on mac
>OMFG! LOL Xd gays fags on suicide watch, muuuhhhh unix proprietary SHIT!111
>exploit on linux
>naahhh, it's fucking nothing. Already patched herp derp :D
>>60632946
Proprietary shills eternally BTFO and #rekt
>>60632946
this isn't an exploit on linux though, it's an exploit on a piece of software that can be installed onto linux. It's not by any means a component of linux or the OS. Complaining about this being an exploit for linux is about as much as complaining that if dropbox had an exploit that it was the fault of windows.
and also unlike other operating systems linux users tend to actually update since our updates aren't designed around cucking users to some corporate faggot's whims
>Windows has serious vulnerability that was already patched months ago
>LMAO WINTARDS BTFO ENJOY YOUR MALWARE
>Linux has serious vulnerability that has been in the wild for over 7 years
>LA LA LA ITS NOTHING I CANT HEAR YOU LA LA LA LA
pathetic.
These threads just go to show how retarded winbabbies are. Can't even read or comprehend what it's about by even the simplest google search. All they hear is exploit and assume the earth was scorched and salted. Only making yourselves look more retarded
>>60633048
It is nothing though.
>>60633048
>LA LA LA ITS NOTHING I CANT HEAR YOU LA LA LA LA
t. microsoft:
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
>>60631391
-Runs then
>>60633046
>an exploit on a piece of software that can be installed onto linux
Not only that, said piece of software is mostly used to interact with the backdoored Windows version
>>60633114
>>60633122
>LA LA LA LA I CANT HEAR YOU LINUX IS PERFECT MICROSHILL LA LA LA LA LA
>>60633146
Current state of wintoddlers.
>Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems.
>it's a linux problem
yeah no
>>60633046
>and also unlike other operating systems linux users tend to actually update since our updates aren't designed around cucking users to some corporate faggot's whims
So much this. It was such a pain in the ass to tell if my Win7 was patched even though I had installed all updates through windows update. When I searched for the two KB's for the patch neither showed up as installed so I had to go manually install the patch to make sure I had it. On my debian box all I had to do was sudo apt update ; sudo apt upgrade -y and then check the package with apt show smbclient to see if I got the patched one. I didn't even need to restart my machine.
>>60633213
/thread
>>60633253
>apt show smbclient
apt can download changelogs.
>>60630726
i don't really get the fuss about it.
it needs a samba share accessible from the internet, the attacker needs an account on the server with write access, to get the server to run some code from a shared library as user "nobody"?
does something like that even exist outside of honeypots?
---> Doesn't use Samba. OP BTFO
>>60630726
I've read the article and concluded that there is nothing substantial there
>the next big threat
Unlike Windows users, Linux users do not wait TWO FUCKING MONTHS to update our systems.
Just fucking apt-get update && apt-get upgrade, and then forget about it.
>>60630726
>Samba
Literally who cares?
>>60633374
people using windows.
they are also the only ones that are possibly retarded enough to have their samba shares accessible from the internet with write access
>>60633146
this vulnerability is bullshit since
>>60633213
>>60633046
>>60632798
>>60631489
>>60631033
This exploit shouldn't be a thing since you have to be stupid on the first hand (kind of reminds me of this retard running firefox as root)
Windows exploit on the other hand was using an exploit on the OS that anyone could have + the update policy of windows is shit.
imo you have to be a retard to get both malware on your computer, but you have to admit linux is overall more secure than this piece of shit.
>>60630764
smb != samba
Also, patched
>>60633574
it's named smbclient on arch.
>>60633589
https://www.archlinux.org/packages/extra/x86_64/samba/
dirtycow is actually way more serious but still gets ignored to this day
>>60632798
>only one retards would fall for
Same for Wannacry. Only retards would click a mail attachment and open it or not use a properly configured firewall.
Especially in institutions, where supposedly IT staff shouldn't let SMB ports open or use antiquated OSes.
How many home users affected by Wannacry did you see? Basically none. The malware was designed to attack computers using the SMB port in a corporate LAN. All the affected PCs had Windows 7 or 8 installed.
>>60633405
The only affected PCs were from institutions and companies. So it's actually IT staff and management that's to blame. They went cheap on their IT infrastructure and this bit them eventually.
Home users were not affected.
>>60631391
>>60633135
pacman -Rdd <package> to force remove a package. You should first check which packages will be affected and then test if they still function properly afterwards.
>>60633886
>The only affected PCs were from institutions and companies
>So it's actually IT staff and management that's to blame
i find it hard to believe there's any company/institution having a samba share accessible from the internet with write access for everyone.
that's something even indians could manage to set up correctly
>>60633984
Just do a search. Can you find like 10 examples of home users affected by Wannacry?
On the other hand, there were hundreds of thousands of PCs from institutions and businesses affected by it. It wasn't designed for home users.
Who even owns more than a home PC and uses SMB on their home LAN?
Only institutions and firms do that..
>>60633984
SMB is not even installed by default with Windows, I think.
>>60634594
>Who even owns more than a home PC and uses SMB on their home LAN?
people owning a NAS, various IOT devices, etc
>>60634632
Which is not most people. Most people can barely use the programs installed by default. And still no home users were reported to have been affected by Wannacry.
Only old systems (Win 7 and 8) from some public institutions (hospitals, schools) and firms were affected. Because, most likely, they were the target.
>>60630726
>a malicious client needs to be able to upload a shared library file to a writeable share
kek
Did you know there's a vulnerability in your computer RIGHT NOW? If you press the power switch it turns off! How has this not received more attention??
>>60634793
didn't microsoft switch to hibernate by default because windows users are retarded ?
>>60634824
Well, you're right about the retarded part, but I'm not too sure about the rest.
;^)
>>60634624
anon...
>>60633942
This shit breaks mpv by the way. Don't know why it's on my computer or why it's needed but I'd like to disable it from doing anything while still being installed.