Samba vulnerability could lead to the next WannaCry

The user cuspess on the XPEnology forum had a really good question for the community!

It seems that Synology released a security patch yesterday to address the potential vulnerability of DSM in relation to the recent WannaCry attacks. Xpenology is usually quite stable once you have the bootloader working bug-free, but it is times like these that could cause problems for Xpenology users, just like synolock back in 2014. Xpenology users are limited to certain versions, depending on the bootloader version they are using. For instance, some users are still on DSM 5.x because their bootloader doesn't support further updates, or a complete upgrade of the bootloader is required to upgrade to DSM 6; the same applies to those, including myself, who have yet to get the newer bootloader which supports DSM 6.1 to work with their machine.

My query: with the difficulties mentioned above, how do we protect ourselves from security vulnerabilities?

I found the post below on Betanews.com. It seems that if we edit the samba.conf we could close this vulnerability!

A security vulnerability in the popular Samba networking utility could leave unpatched machines open to an attack similar to WannaCry. A single line of code is all that’s needed to exploit the vulnerability, but it is reliant on a number of prerequisites.

The vulnerability has been assigned the ID CVE-2017-7494 and is described as “remote code execution from a writable share” which could allow “malicious clients [to] upload and cause the smbd server to execute a shared library from a writable share.” Security researchers say that the flaw is very easy to exploit, and tens of thousands of machines have been found to be running versions of Samba for which a patch does not exist.

While the vulnerability is not exactly new, it was not thought to be particularly serious or likely to be exploited. The impact of WannaCry, however, showed that it was much more likely than first expected. One of the requirements for the vulnerability to become exploitable is that port 445 must be exposed, and researchers have found that this is true for hundreds of thousands of computers.

A patch has been made available, but the problem also affects versions of Samba that are no longer supported. In a security advisory, the Samba team says:

All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.

A patch addressing this defect has been posted to http://www.samba.org/samba/security/

Additionally, Samba 4.6.4, 4.5.10 and 4.4.14 have been issued as security releases to correct the defect. Patches against older Samba versions are available at http://samba.org/samba/patches/. Samba vendors and administrators running affected versions are advised to upgrade or apply the patch as soon as possible.

For anyone running a version of Samba for which there is not currently a patch, there is a workaround. The Samba team says:

Add the parameter:

nt pipe support = no

to the [global] section of your smb.conf and restart smbd. This prevents clients from accessing any named pipe endpoints.

There is the warning, however, that “this can disable some expected functionality for Windows clients.”

original post @ https://betanews.com/2017/05/25/samba-security-vulnerability/
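
As an added example (not from the Betanews article or the Samba advisory), this Python script checks a host against the conditions quoted above: the affected version range and the security releases, the `nt pipe support = no` workaround in `[global]`, and the presence of a writable share. The function names and the sample smb.conf are constructed for illustration; it assumes upstream version numbering (as printed by `smbd --version`) and does not follow `include` lines or `write list`.

```python
import re

FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}  # security releases named in the advisory
TRUE, FALSE = {"yes", "true", "on", "1"}, {"no", "false", "off", "0"}

def version_affected(version):
    """Upstream numbering only: a vendor build may carry the patch under an old number."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"no Samba version in {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    # Older branches only get a source patch; branches after 4.6 ship the fix.
    return (3, 5, 0) <= (major, minor, patch) < (4, 4, 0)

def parse_smb_conf(text):
    """Return {section: {param: value}}; names compared as Samba does (case, spaces ignored)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.lower().split())] = value.strip().lower()
    return sections

def assess(version, conf_text):
    conf = parse_smb_conf(conf_text)
    glob = conf.get("global", {})
    writable = []
    for name, params in conf.items():
        merged = {**glob, **params}  # share settings override [global] defaults
        if name != "global" and (merged.get("readonly") in FALSE or
                any(merged.get(k) in TRUE for k in ("writable", "writeable", "writeok"))):
            writable.append(name)
    affected = version_affected(version)
    pipes_off = glob.get("ntpipesupport", "yes") in FALSE  # Samba's default is yes
    return {"affected": affected, "workaround": pipes_off, "writable_shares": writable,
            "at_risk": affected and not pipes_off and bool(writable)}

SAMPLE = """[global]
; NT Pipe Support = no
[media]
read only = no
[backup]
path = /volume1/backup
"""  # constructed smb.conf with the workaround commented out, not from a real system
```

Calling `assess("Version 4.4.9", SAMPLE)` reports the host as at risk; uncommenting the `NT Pipe Support` line in the sample clears the flag while the version itself is still reported as affected.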
