SambaCry 正式登錄Linux

今次到 #Samba (Linux 上嘅 SMB share server) 有遙距攻擊漏洞，Exploit code 已流通，不禁令人擔心類似 #WannaCry 同 #EternalBlue 相關嘅攻擊今次會針對 Linux-based 系統。如果攻擊成功，除咗有機會中 Ransomware 外，仲可能偷或修改到部機入面嘅資料 。

https://www.facebook.com/InfoSecOnGround/posts/716393495206994

#NAS 高危！

Btw 跟據小編尋晚收集嘅資料，攻擊條件可能包括有 writable share / pipe，未必係人都得，但值得大家留意一下。

詳情：https://www.samba.org/samba/security/CVE-2017-7494.html

有patch未

有patch未

有

MrA:用家問題

Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit

2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.

3. Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.

🤢

NAS 啲 vendor 升級密唔密
用緊西部數碼

NAS 啲 vendor 升級密唔密
用緊西部數碼

你部NAS係真IP定響firewall後面？firewall有無Samba port forwarding？
如果響firewall 後，firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相，但無知到係乜protocol。我自己部router行Linux但一年以上無得update，不過我Samba無開到。

NAS 啲 vendor 升級密唔密
用緊西部數碼

你部NAS係真IP定響firewall後面？firewall有無Samba port forwarding？
如果響firewall 後，firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相，但無知到係乜protocol。我自己部router行Linux但一年以上無得update，不過我Samba無開到。

behind firewall, through NAT i think. not sure what ports they use, but i occasionally use the included app to access files there. I probably have uPNP turned on on the router

NAS 啲 vendor 升級密唔密
用緊西部數碼

你部NAS係真IP定響firewall後面？firewall有無Samba port forwarding？
如果響firewall 後，firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相，但無知到係乜protocol。我自己部router行Linux但一年以上無得update，不過我Samba無開到。

behind firewall, through NAT i think. not sure what ports they use, but i occasionally use the included app to access files there. I probably have uPNP turned on on the router

Run this test at home behind firewall.

http://www.t1shopper.com/tools/port-scan/

真係好撚驚

用Router vpn, 有個setting係要enable samba,
係唔係一樣受影響

Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit

2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.

3. Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.

即係 sambacry 係 windows client 導致 ?

Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit

2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.

3. Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.

即係 sambacry 係 windows client 導致 ?

......

唔識英文定唔知咩係SMB

唔怕，不可同WannyCry相提並論。

Ｗindows好多人用老翻，焗住要停左windows update

Linux完全免費，且有相關社羣強大支援，就算有漏洞都可以堂而煌之討論及迅速修補

Mitigation:

Any of the following:

1. SELinux is enabled by default and our default policy prevents loading of modules from outside
of samba's module directories and therefore blocks the exploit

2. Mount the filessytem which is used by samba for its writeable share, using "noexec" option.

3. Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing
any named pipe endpoints. Note this can disable some expected functionality for Windows clients.

即係 sambacry 係 windows client 導致 ?

......

唔識英文定唔知咩係SMB

係呀，唔識呀，解黎聽下

裝 Linux





都要 update 㗎

NAS 啲 vendor 升級密唔密
用緊西部數碼

你部NAS係真IP定響firewall後面？firewall有無Samba port forwarding？
如果響firewall 後，firewall有無forwarding應該安全。不過我識有人屋企部NAS駁出街睇相，但無知到係乜protocol。我自己部router行Linux但一年以上無得update，不過我Samba無開到。

behind firewall, through NAT i think. not sure what ports they use, but i occasionally use the included app to access files there. I probably have uPNP turned on on the router

Run this test at home behind firewall.

http://www.t1shopper.com/tools/port-scan/

冇 common ports 開住
但其實屋企有4 5 樣 smart home 嘢用 app through cloud access. 中間 個 router upnp 唔肯定有冇開乜 port

On9問句 mac會唔會有事

On9問句 mac會唔會有事

有Time Machine米有事都唔駛驚lor

MrA:一切都係window嘅錯