A vulnerability in Samba, the standard Windows interoperability suite of programs for Linux and Unix, can be exploited remotely to gain access to Linux machines that have port 445 exposed.
Some are calling it Linux's WannaCry as it could serve as a path for a worm-like exploit that spreads quickly. The bug has been in the Samba codebase for seven years.
Any exploit against this Samba flaw would also be able to capitalise on bugs in the same SMB protocol used by the NSA exploits used to spread WannaCry.
Xavier Mertens, a researcher at the SANS Internet Storm Centre, said that one only needed a one-liner to exploit the Samba bug.
{loadposition sam08}"An attacker has to find an open SMB share (TCP/445), upload a shared library to the writable share, and then cause the server to load and execute it," he said.
The vulnerability is in the way Samba handles shared libraries.
A remote attacker could use the arbitrary module loading vulnerability to upload a shared library to a writable share and then cause the server to load and execute malicious code.
In an advisory, the Samba developers said: "All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it."
They said patches, for all versions, including old and unsupported versions, had been posted to the Samba security site.
As a workaround, they said the parameter "nt pipe support = no" could be added to the global section of the Samba configuration file smb.conf.
Researchers at Cisco said the vulnerability could affect "numerous servers, storage devices such as NAS systems, and anything else running the version of Samba that is vulnerable to this attack".
"In accordance with best practices, it is highly recommended that users do not allow direct SMB, Samba, CIFS, NFS, etc. access from the Internet to systems within their network."