Friday, May 26, 2017

Unravelling SambaCry




Subtitle:  Hold on Smug Linux Users!

Marcus did report on the Windows WannaCry ransomware that became famous just a week or so ago.

We wrote this  (and also this )

https://majzel.blogspot.com/2017/05/wannacry-ransomware.html

At the time the Internet was also awash with many smug Linux users patting themselves of the back saying:  Linux is so secure.  So today it's rather comical that whilst doing some due diligence I noticed  this 

Samba Security Notice CVE-2017-7494

https://www.samba.org/samba/security/CVE-2017-7494.html

Here is the gist of it:

All versions of Samba on Linux from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.



Basically as far as I can see the issue is

a) malicious Windows client uploads a shared library that if executed will damage or compromise  system
b) server executes shared library on Linux via the IPC$ windows share mechanism


In the Windows world the tool that would perform the remote execution magic is called  Sysinternals PSEXEC

Now, using my Linux 16.04 system with Samba 4.3.11 I was totally unable to compromise my system.  I tried from a latest psexec.exe windows driver.   Nope.   All was good.

From Googling apparently the tool that can is a the Metasploit penetration test software where somebody writes a line in their meta language like this


simple.create_pipe("/path/to/target.shared.object")

I don't have Metasploit installed on my testing system so cannot verify but let see what the proposed fixes are anyway



01 Patch your main Linux Samba config file

Patch global section of smb.conf with
nt pipe support = no

# This boolean parameter controls whether smbd(8) will allow Windows NT clients to connect to the NT SMB specific IPC$ pipes.



vi /etc/samba/smb.conf    #make above changes

#restart samba
# ps -ef | grep smb
root     31960     1  0 19:31 ?        00:00:00 /usr/sbin/smbd -D
root     31961 31960  0 19:31 ?        00:00:00 /usr/sbin/smbd -D
root     31965 31960  0 19:31 ?        00:00:00 /usr/sbin/smbd -D
root     32174 27604  0 19:35 pts/1    00:00:00 grep smb
# service smbd restart
# ps -ef | grep smb
root     32214     1  0 19:35 ?        00:00:00 /usr/sbin/smbd -D
root     32215 32214  0 19:35 ?        00:00:00 /usr/sbin/smbd -D
root     32217 32214  0 19:35 ?        00:00:00 /usr/sbin/smbd -D
root     32223 27604  0 19:35 pts/1    00:00:00 grep smb


02 Upgrade the Samba Binaries if a fix is available

My worked example is from one of my trusted servers based on a Ubuntu Linux 16.04 base

# Update the package list database

# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102 kB]
Hit:2 http://archive.canonical.com/ubuntu xenial InRelease
Hit:3 http://archive.ubuntu.com/ubuntu xenial InRelease
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates InRelease [102 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial-backports InRelease [102 kB]
Ign:6 http://packages.linuxmint.com serena InRelease
Hit:7 http://packages.linuxmint.com serena Release
Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [544 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main i386 Packages [528 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/universe amd64 Packages [469 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/universe i386 Packages [454 kB]
Fetched 2'301 kB in 1s (1'443 kB/s)
Reading package lists... Done

# can I upgrade Samba now?

# apt-cache policy samba
samba:
  Installed: 2:4.3.11+dfsg-0ubuntu0.16.04.6
  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7
  Version table:
     2:4.3.11+dfsg-0ubuntu0.16.04.7 500
        500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
 *** 2:4.3.11+dfsg-0ubuntu0.16.04.6 100
        100 /var/lib/dpkg/status
     2:4.3.8+dfsg-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages


# lets check the Web to see if the update might fix this problem



https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html

Well that is lucky then, since  the package database knows about  Candidate: 2:4.3.11+dfsg-0ubuntu0.16.04.7  and that will fix the issue


# Simulate the upgrade, because Marcus is that paranoid

# apt-get --simulate --verbose-versions upgrade samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   gir1.2-nmgtk-1.0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   iproute (1:4.3.0-1ubuntu3 => 1:4.3.0-1ubuntu3.16.04.1)
   iproute2 (4.3.0-1ubuntu3 => 4.3.0-1ubuntu3.16.04.1)
   libjasper1 (1.900.1-debian1-2.4ubuntu1 => 1.900.1-debian1-2.4ubuntu1.1)
   libjbig2dec0 (0.12+20150918-1 => 0.12+20150918-1ubuntu0.1)
   libminiupnpc10 (1.9.20140610-2ubuntu2 => 1.9.20140610-2ubuntu2.16.04.1)
   libnm-gtk-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnm-gtk0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libservlet3.1-java (8.0.32-1ubuntu1.3 => 8.0.32-1ubuntu1.4)
   libsmbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   libwbclient0 (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   mint-mirrors (1.1.5 => 1.1.6)
   network-manager-gnome (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-libs (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   vino (3.8.1-0ubuntu9.1 => 3.8.1-0ubuntu9.2)
22 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst python-samba [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba-common-bin [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst smbclient [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba-libs [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) [libsmbclient:amd64 ]
Inst libwbclient0 [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) [libsmbclient:amd64 ]
Inst libsmbclient [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64]) []
Inst samba-common [2:4.3.11+dfsg-0ubuntu0.16.04.6] (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [all])
Inst iproute2 [4.3.0-1ubuntu3] (4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Inst libnm-gtk0 [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libnm-gtk-common [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Inst gir1.2-nmgtk-1.0 [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Inst iproute [1:4.3.0-1ubuntu3] (1:4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [all])
Inst libjasper1 [1.900.1-debian1-2.4ubuntu1] (1.900.1-debian1-2.4ubuntu1.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libjbig2dec0 [0.12+20150918-1] (0.12+20150918-1ubuntu0.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst libminiupnpc10 [1.9.20140610-2ubuntu2] (1.9.20140610-2ubuntu2.16.04.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Inst network-manager-gnome [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libnma0 [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64]) []
Inst libnma-common [1.2.6-0ubuntu0.16.04.2] (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Inst libservlet3.1-java [8.0.32-1ubuntu1.3] (8.0.32-1ubuntu1.4 Ubuntu:16.04/xenial-updates [all])
Inst mint-mirrors [1.1.5] (1.1.6 linuxmint:18.1/serena [all])
Inst vino [3.8.1-0ubuntu9.1] (3.8.1-0ubuntu9.2 Ubuntu:16.04/xenial-updates [amd64])
Conf libwbclient0 (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf samba-libs (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [all])
Conf samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf samba (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libsmbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf iproute2 (4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [amd64])
Conf libnm-gtk-common (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Conf libnm-gtk0 (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf gir1.2-nmgtk-1.0 (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf iproute (1:4.3.0-1ubuntu3.16.04.1 Ubuntu:16.04/xenial-updates [all])
Conf libjasper1 (1.900.1-debian1-2.4ubuntu1.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libjbig2dec0 (0.12+20150918-1ubuntu0.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libminiupnpc10 (1.9.20140610-2ubuntu2.16.04.1 Ubuntu:16.04/xenial-updates, Ubuntu:16.04/xenial-security [amd64])
Conf libnma-common (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [all])
Conf libnma0 (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf network-manager-gnome (1.2.6-0ubuntu0.16.04.3 Ubuntu:16.04/xenial-updates [amd64])
Conf libservlet3.1-java (8.0.32-1ubuntu1.4 Ubuntu:16.04/xenial-updates [all])
Conf mint-mirrors (1.1.6 linuxmint:18.1/serena [all])
Conf vino (3.8.1-0ubuntu9.2 Ubuntu:16.04/xenial-updates [amd64])

# Looks good, so do the upgrade

apt-get  --verbose-versions upgrade samba
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
   gir1.2-nmgtk-1.0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   iproute (1:4.3.0-1ubuntu3 => 1:4.3.0-1ubuntu3.16.04.1)
   iproute2 (4.3.0-1ubuntu3 => 4.3.0-1ubuntu3.16.04.1)
   libjasper1 (1.900.1-debian1-2.4ubuntu1 => 1.900.1-debian1-2.4ubuntu1.1)
   libjbig2dec0 (0.12+20150918-1 => 0.12+20150918-1ubuntu0.1)
   libminiupnpc10 (1.9.20140610-2ubuntu2 => 1.9.20140610-2ubuntu2.16.04.1)
   libnm-gtk-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnm-gtk0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma-common (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libnma0 (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   libservlet3.1-java (8.0.32-1ubuntu1.3 => 8.0.32-1ubuntu1.4)
   libsmbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   libwbclient0 (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   mint-mirrors (1.1.5 => 1.1.6)
   network-manager-gnome (1.2.6-0ubuntu0.16.04.2 => 1.2.6-0ubuntu0.16.04.3)
   python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   samba-libs (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.6 => 2:4.3.11+dfsg-0ubuntu0.16.04.7)
   vino (3.8.1-0ubuntu9.1 => 3.8.1-0ubuntu9.2)
22 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 9'833 kB of archives.
After this operation, 1'024 B disk space will be freed.
Do you want to continue? [Y/n] y
Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 python-samba amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [1'062 kB]
Get:2 http://packages.linuxmint.com serena/main amd64 mint-mirrors all 1.1.6 [4'634 B]
Get:3 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [912 kB]
Get:4 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba-common-bin amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [506 kB]
Get:5 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 smbclient amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [311 kB]
Get:6 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba-libs amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [5'163 kB]
Get:7 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libwbclient0 amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [30.4 kB]
Get:8 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libsmbclient amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 [53.2 kB]
Get:9 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 samba-common all 2:4.3.11+dfsg-0ubuntu0.16.04.7 [83.6 kB]
Get:10 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 iproute2 amd64 4.3.0-1ubuntu3.16.04.1 [522 kB]
Get:11 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnm-gtk0 amd64 1.2.6-0ubuntu0.16.04.3 [70.3 kB]
Get:12 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnm-gtk-common all 1.2.6-0ubuntu0.16.04.3 [5'662 B]
Get:13 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 gir1.2-nmgtk-1.0 amd64 1.2.6-0ubuntu0.16.04.3 [4'862 B]
Get:14 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 iproute all 1:4.3.0-1ubuntu3.16.04.1 [2'432 B]
Get:15 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libjasper1 amd64 1.900.1-debian1-2.4ubuntu1.1 [130 kB]
Get:16 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libjbig2dec0 amd64 0.12+20150918-1ubuntu0.1 [55.3 kB]
Get:17 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libminiupnpc10 amd64 1.9.20140610-2ubuntu2.16.04.1 [23.9 kB]
Get:18 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 network-manager-gnome amd64 1.2.6-0ubuntu0.16.04.3 [290 kB]
Get:19 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnma0 amd64 1.2.6-0ubuntu0.16.04.3 [66.5 kB]
Get:20 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libnma-common all 1.2.6-0ubuntu0.16.04.3 [5'650 B]
Get:21 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 libservlet3.1-java all 8.0.32-1ubuntu1.4 [390 kB]
Get:22 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 vino amd64 3.8.1-0ubuntu9.2 [140 kB]
Fetched 9'833 kB in 1s (7'209 kB/s)
Preconfiguring packages ...
(Reading database ... 274097 files and directories currently installed.)
Preparing to unpack .../python-samba_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba-common-bin_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../smbclient_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba-libs_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../libwbclient0_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../libsmbclient_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_amd64.deb ...
Unpacking libsmbclient:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../samba-common_2%3a4.3.11+dfsg-0ubuntu0.16.04.7_all.deb ...
Unpacking samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.7) over (2:4.3.11+dfsg-0ubuntu0.16.04.6) ...
Preparing to unpack .../iproute2_4.3.0-1ubuntu3.16.04.1_amd64.deb ...
Unpacking iproute2 (4.3.0-1ubuntu3.16.04.1) over (4.3.0-1ubuntu3) ...
Preparing to unpack .../libnm-gtk0_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking libnm-gtk0:amd64 (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libnm-gtk-common_1.2.6-0ubuntu0.16.04.3_all.deb ...
Unpacking libnm-gtk-common (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../gir1.2-nmgtk-1.0_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking gir1.2-nmgtk-1.0:amd64 (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../iproute_1%3a4.3.0-1ubuntu3.16.04.1_all.deb ...
Unpacking iproute (1:4.3.0-1ubuntu3.16.04.1) over (1:4.3.0-1ubuntu3) ...
Preparing to unpack .../libjasper1_1.900.1-debian1-2.4ubuntu1.1_amd64.deb ...
Unpacking libjasper1:amd64 (1.900.1-debian1-2.4ubuntu1.1) over (1.900.1-debian1-2.4ubuntu1) ...
Preparing to unpack .../libjbig2dec0_0.12+20150918-1ubuntu0.1_amd64.deb ...
Unpacking libjbig2dec0 (0.12+20150918-1ubuntu0.1) over (0.12+20150918-1) ...
Preparing to unpack .../libminiupnpc10_1.9.20140610-2ubuntu2.16.04.1_amd64.deb ...
Unpacking libminiupnpc10:amd64 (1.9.20140610-2ubuntu2.16.04.1) over (1.9.20140610-2ubuntu2) ...
Preparing to unpack .../network-manager-gnome_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking network-manager-gnome (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libnma0_1.2.6-0ubuntu0.16.04.3_amd64.deb ...
Unpacking libnma0:amd64 (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libnma-common_1.2.6-0ubuntu0.16.04.3_all.deb ...
Unpacking libnma-common (1.2.6-0ubuntu0.16.04.3) over (1.2.6-0ubuntu0.16.04.2) ...
Preparing to unpack .../libservlet3.1-java_8.0.32-1ubuntu1.4_all.deb ...
Unpacking libservlet3.1-java (8.0.32-1ubuntu1.4) over (8.0.32-1ubuntu1.3) ...
Preparing to unpack .../mint-mirrors_1.1.6_all.deb ...
Unpacking mint-mirrors (1.1.6) over (1.1.5) ...
Preparing to unpack .../vino_3.8.1-0ubuntu9.2_amd64.deb ...
Unpacking vino (3.8.1-0ubuntu9.2) over (3.8.1-0ubuntu9.1) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...
Processing triggers for man-db (2.7.5-1) ...
Processing triggers for systemd (229-4ubuntu17) ...
Processing triggers for ureadahead (0.100.0-19) ...
ureadahead will be reprofiled on next reboot
Processing triggers for ufw (0.35-0ubuntu2) ...
Rules updated for profile 'Samba'
Skipped reloading firewall
Processing triggers for libglib2.0-0:i386 (2.48.2-0ubuntu1) ...
Processing triggers for libglib2.0-0:amd64 (2.48.2-0ubuntu1) ...
Processing triggers for desktop-file-utils (0.22-1ubuntu5.1) ...
Processing triggers for gnome-menus (3.13.3-6ubuntu3.1) ...
Processing triggers for mime-support (3.59ubuntu1) ...
Processing triggers for hicolor-icon-theme (0.15-0ubuntu1) ...
Processing triggers for gconf2 (3.2.6-3ubuntu6) ...
Processing triggers for mintsystem (8.3.0) ...
Setting up libwbclient0:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba-libs:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up python-samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba-common (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba-common-bin (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up libsmbclient:amd64 (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up smbclient (2:4.3.11+dfsg-0ubuntu0.16.04.7) ...
Setting up iproute2 (4.3.0-1ubuntu3.16.04.1) ...
Setting up libnm-gtk-common (1.2.6-0ubuntu0.16.04.3) ...
Setting up libnm-gtk0:amd64 (1.2.6-0ubuntu0.16.04.3) ...
Setting up gir1.2-nmgtk-1.0:amd64 (1.2.6-0ubuntu0.16.04.3) ...
Setting up iproute (1:4.3.0-1ubuntu3.16.04.1) ...
Setting up libjasper1:amd64 (1.900.1-debian1-2.4ubuntu1.1) ...
Setting up libjbig2dec0 (0.12+20150918-1ubuntu0.1) ...
Setting up libminiupnpc10:amd64 (1.9.20140610-2ubuntu2.16.04.1) ...
Setting up libnma-common (1.2.6-0ubuntu0.16.04.3) ...
Setting up libnma0:amd64 (1.2.6-0ubuntu0.16.04.3) ...
Setting up network-manager-gnome (1.2.6-0ubuntu0.16.04.3) ...
Setting up libservlet3.1-java (8.0.32-1ubuntu1.4) ...
Setting up mint-mirrors (1.1.6) ...
Setting up vino (3.8.1-0ubuntu9.2) ...
Processing triggers for libc-bin (2.23-0ubuntu7) ...

# Restart samba

service smbd restart
ps -ef | grep smb
root       379     1  0 20:26 ?        00:00:00 /usr/sbin/smbd -D
root       380   379  0 20:26 ?        00:00:00 /usr/sbin/smbd -D
root       382   379  0 20:26 ?        00:00:00 /usr/sbin/smbd -D
root       394 28055  0 20:26 pts/2    00:00:00 grep smb




So: What did I learn?

Yet again there seems to be an element of scare-mongering here.  Since there is no Linux virus called SambaCry that has been developed or deployed

With an unpatched Linux system I was unable to use the proposed IPC$ share vulnerability to compromise my Linux system, at least from a psexec.exe loaded windows Server test rig.

But the good news is that Linux people, patched the vulnerability quickly after it was highlighted.

Today is Friday morning, May 26 2017.  I am off to sleep now.  I will sleep safely knowing both my Linux and Windows systems are safe.



Links