26 May 2017

Vulnerability scanner SambaCry

The BI.ZONE team has developed a dedicated utility, the SambaCry vulnerability scanner. The scanner detects CVE-2017-7494, a vulnerability that affects all versions of Samba starting from version 3.5.0.

This vulnerability is relatively easy to exploit and allows remote code execution on a target system. After a successful attack, the perpetrator can gain control over vulnerable Linux and Unix systems.

The vulnerability is in the function “is_known_pipename”.

To process special RPC requests, this function attempts to load an RPC module whose name equals the name of the requested channel (pipe).

However, if the name of the channel is an absolute path (starting with a slash), the module-loading routine loads the module from that absolute path instead of from the directory of RPC modules, as the developers originally intended.


An exploit for this vulnerability can also be found on the Internet. Executing the malicious code requires just a single line of code:

simple.create_pipe("/path/to/target.so")

Our team has developed a scanner that detects the CVE-2017-7494 vulnerability. The scanner is available here.

Usage instructions

  • This checker uses version detection to check for the vulnerability.
  • If you have turned off PIPES functionality, your host may not be vulnerable.
  • If you have banned write operations to all directories on your Samba server, your host may not be vulnerable.
  • If you have turned off banners, the scanner may be wrong.
  • If the scanner cannot authenticate to Samba, it is impossible to get the banner with the version.
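
The version-detection approach and its caveats from the list above, as an added example in Go. It is not BI.ZONE's scanner code. The helper name CheckBanner, the banner format and the first patched releases (4.6.4, 4.5.10, 4.4.14, taken from the Samba advisory rather than from this page) are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Matches the version in a banner such as "Samba 4.5.9" or "Samba 4.3.11-Ubuntu".
var sambaVer = regexp.MustCompile(`(?i)samba\s+(\d+)\.(\d+)\.(\d+)`)

// First patched release per series, per the Samba advisory for CVE-2017-7494
// (assumption: these numbers are not stated on this page).
var firstFixed = map[[2]int]int{{4, 6}: 4, {4, 5}: 10, {4, 4}: 14}

// CheckBanner (hypothetical helper) classifies a host from its banner alone.
func CheckBanner(banner string) string {
	m := sambaVer.FindStringSubmatch(banner)
	if m == nil {
		return "unknown" // banner hidden, auth failed, or not Samba
	}
	maj, _ := strconv.Atoi(m[1])
	mnr, _ := strconv.Atoi(m[2])
	pat, _ := strconv.Atoi(m[3])
	switch {
	case maj < 3 || (maj == 3 && mnr < 5):
		return "not vulnerable" // predates 3.5.0
	case maj > 4 || (maj == 4 && mnr > 6):
		return "not vulnerable" // series started after the fix
	}
	if fix, ok := firstFixed[[2]int{maj, mnr}]; ok && pat >= fix {
		return "not vulnerable"
	}
	// 3.5.0 and later without a known fixed release. A distribution package
	// may carry a backported patch under the same version, so verify by hand.
	return "vulnerable"
}

func main() {
	// Constructed sample banners, not captured from real hosts.
	for _, b := range []string{"Samba 3.4.17", "Samba 4.3.11-Ubuntu",
		"Samba 4.5.9", "Samba 4.5.10", "Samba 4.6.4", ""} {
		fmt.Printf("%-22q %s\n", b, CheckBanner(b))
	}
}
```

An "unknown" result should be treated as unverified, not as clean, which is why a banner-only check cannot replace confirming the installed package version on the host.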

SambaCry scanner tool by BiZone

Usage of ./sambacry_scaner.exe:

  -clear_hosts string
        Output CSV file with hosts that are not vulnerable. Example: clear.csv
  -file string
        File with list of targets to scan. Each address or netmask on new line.
  -ip string
        IP address
  -net string
        IP network address. Example: 10.0.1.0/24
  -out string
        Output file with results of scan in CSV format. Example: results.csv
  -verbose
        Verbose output
  -workers int
        Count of concurrent workers. (default 200)


Download utility

sambacry.7z

Password for the archive

sambacry

Checksums

$ sha1sum.exe sambacry_scanner.exe
b44c5e7e8c8cd121d83020b7fdc5844c482e0968

$ sha1sum.exe sambacry_scanner.go
c0a47933c56d4aa6168b4726194dc5f0bda37eef