Estanys Blaus, News

Attention! WannaCry comes to Linux!

29.05.2017

Dear Sir/Madam,

Just today we learned of a vulnerability that affects all Linux systems running Samba (CVE-2017-7494). Samba is a "de facto standard" for providing file and print services in Windows environments, and it is therefore installed by default on many devices and systems such as NAS units, routers, firewalls... Specialists expect a new worldwide attack of the "WannaCry" type, similar to the one we suffered two weeks ago.

For now, further below, we attach the e-mailing received from our colleague Anton Gostev of Veeam.

Sincerely,

Xavier Ruiz

ESTANYS BLAUS

-----------------------------------------------------------------------------------------------------------------------------------

 

Veeam Community Forums Digest

May 22 - May 28, 2017

 

THE WORD FROM GOSTEV


And those of you who have already been using the agent may soon be happy they have backups – because WannaCry comes to Linux! Yep, EternalBlue exploit for Linux aka SambaCry (CVE-2017-7494) has been published last week – so the countdown to another worldwide IT havoc has already started. The vulnerability affects all versions of Samba from 3.5 (released March 1, 2010) and onward – up until the latest versions which are 4.6.4, 4.5.10 and 4.4.14. This exploit is going to be a huge problem for most IT shops, as Samba is the de facto standard for providing Windows-based file and print services on Linux, and as such it is usually installed by default on many systems. But even those small, purely Windows shops are in danger here because at the very least, their Linux-based NAS devices (often also holding backups!) and routers are likely exploitable. For all I know, my home NAS and both routers are all affected.

From what I gather, the vulnerability is very easy to exploit: all it takes is a single simple.create_pipe command with a path to special .so and bingo! Major Linux distributions, such as Red Hat and Ubuntu, have already released patches. However, I don't expect consumer NAS and networking vendors to be able to react as fast, or ever (why would they go back and patch some 7 year old devices)? So for those devices, you want to apply a manual fix against the vulnerability by adding nt pipe support = no line into smb.conf configuration file (remember to restart the SMB daemon smbd).

Some thoughts on this... WannaCry obviously did spark a new wave of discussions on how Linux is superior in terms of security, and how big the impact on business could be for betting on Windows. But SambaCry not only levels the scales – it tips them over! Because if WannaCry was easily identifiable and has a simple remediation, SambaCry presents significant obstacles in obtaining and deploying patches for all those countless virtual or physical Linux-based appliances in your network which are not covered by the OS patch deployment process, or simply not allowing OS-level patching. Obviously, instead of doing useless things like encrypting appliances themselves, smart hackers will prefer to remain undetected, and use those systems as conduits into your production network. So, SambaCry may go a long way and have a unique and unpredictable impact on every business.

Funny enough, Microsoft was quick to prevent appliance massacre from WannaCry in Azure – albeit impacting our business in a big and unexpected way. As you may know, Veeam has a number of appliances in the Azure marketplace, and some of our products are distributed exclusively through the marketplace – for example, Veeam Managed Backup Portal. So when WannaCry came, Microsoft simply pulled all legacy Windows-based images from the marketplace, and asked all publishers to update and re-deploy all of their images. And this is really not the kind of task one can do overnight, but customers could not deploy our software – so we had to scramble (by the way, we should be done later this week). Needless to say, we were pretty upset about this – but Microsoft did the necessary evil and the only right thing to prevent much bigger problems.
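An added example, not part of the original newsletter or of Samba's own tooling: a small checker that reads an smb.conf and reports whether the manual fix mentioned above (`nt pipe support = no`) is actually in effect in the `[global]` section. The function names and the sample configuration are constructed for illustration; the parsing follows the documented smb.conf rules (case and whitespace in names are ignored, `#` and `;` start comments, a trailing backslash continues a line).

```python
import re
import sys

# Spellings treated as "false"; smb.conf documents yes/no, true/false, 1/0
# (on/off is an assumption about what the Samba parser also accepts).
FALSE_VALUES = {"no", "false", "0", "off"}

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
[Global]
   workgroup = WORKGROUP
   NT Pipe Support = No
[backups]
   path = /srv/backups
"""


def _norm(name):
    """Section and parameter names: case and whitespace are irrelevant."""
    return re.sub(r"\s+", "", name).lower()


def nt_pipe_support_disabled(conf_text):
    """True only if [global] sets 'nt pipe support' to a false value.

    The last assignment wins; a missing setting means the default
    (enabled), i.e. the workaround is not in place.
    """
    section, value, pending = None, None, ""
    for raw in conf_text.splitlines():
        stripped = raw.strip()
        if not pending and (not stripped or stripped[0] in "#;"):
            continue                      # blank line or comment
        line, pending = pending + stripped, ""
        if line.endswith("\\"):           # continuation onto next line
            pending = line[:-1]
            continue
        if line.startswith("[") and line.endswith("]"):
            section = _norm(line[1:-1])
            continue
        if section != "global" or "=" not in line:
            continue
        key, _, val = line.partition("=")  # only the first '=' counts
        if _norm(key) == "ntpipesupport":
            value = val.strip().lower()
    return value in FALSE_VALUES


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print("mitigated" if nt_pipe_support_disabled(text) else "NOT mitigated")
```

The check only reads the file given to it; it does not follow `include` directives, and the setting takes effect only after smbd is restarted. Where Samba's own tools are installed, `testparm -s` prints the effective configuration for comparison.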
