Is my Ubuntu vulnerable to SambaCry?
First of all you should have a samba server running to be vulnerable to this bug which you don't have.
This vulnerability already has been patched, its CVE-ID is: "CVE-2017-7494":
Samba since version 3.5.0 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
So what you should do is a system upgrade if you didn't have done it already, then you are safe to go.
Check your apt's
"history logs" to see if your Ubuntu recently received any upgrade for samba or its libraries .
grep -B10 samba- /var/log/apt/history.log
to make sure you've got last updates use:
sudo apt update
sudo apt upgrade
Also use:
apt changelog samba
or aptitude changelog samba
if you are running an older version Ubuntu to get a list of last changes in this package, and if you pay attention you will see:
samba (2:4.3.11+dfsg-0ubuntu0.16.04.7) xenial-security; urgency=medium
* SECURITY UPDATE: remote code execution from a writable share
- debian/patches/CVE-2017-7494.patch: refuse to open pipe names with a
slash inside in source3/rpc_server/srv_pipe.c.
- CVE-2017-7494
Pay attention to the version: "2:4.3.11+dfsg-0ubuntu0.16.04.7", Then use:
$ dpkg -l samba* | awk "( !(/none/) && /^ii/ )"
ii samba-libs:amd64 2:4.3.11+dfsg-0ubuntu0.16.04.7 amd64 Samba core libraries
to see if you have patched version installed or not.
Extra steps
If you're really paranoia, grab a copy of source code, e.g:
apt source --download samba-libs
it will download the corresponding source code and all patches, extracts the source and apply the patches.
then go to:
head /path-to-extract/samba-4.3.11+dfsg/debian/changelog
You'll see the same stuff, as apt changelog samba
. you can even look for patch itself:
cat /home/ravexina/samba-4.3.11+dfsg/debian/patches/CVE-2017-7494.patch
+ if (strchr(pipename, '/')) {
+ DEBUG(1, ("Refusing open on pipe %s\n", pipename));
+ return false;
+ }
+
or even compile and install it, if you wish.
If you're carious, you can see a proof of concept for cve-2017-7494 here.
The Ubuntu Security Notice associated with the CVE has a list of affected Ubuntu releases and package versions where the patch was applied. From USN-3296-1:
The problem can be corrected by updating your system to the following package version:
Ubuntu 17.04:
samba 2:4.5.8+dfsg-0ubuntu0.17.04.2
Ubuntu 16.10:
samba 2:4.4.5+dfsg-2ubuntu5.6
Ubuntu 16.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.16.04.7
Ubuntu 14.04 LTS:
samba 2:4.3.11+dfsg-0ubuntu0.14.04.8
In addition, USN-3296-2 states that 12.04 ESM users also have a patched version available:
Ubuntu 12.04 LTS:
samba 2:3.6.25-0ubuntu0.12.04.11