>This Linux remote execution vulnerability (CVE-2017-7494) affects Samba, the Linux re-implementation of the SMB networking protocol, from versions 3.5.0 onwards (since 2010). The SambaCry moniker was almost unavoidable.
>The bug, however, has nothing to do with how Eternalblue works, one of the exploits that the current version of WannaCry ransomware packs with. While Eternalblue is essentially a buffer overflow exploit, CVE-2017-7494 takes advantage of an arbitrary shared library load. To exploit it, a malicious client needs to be able to upload a shared library file to a writeable share, afterwards it’s possible for the attacker to cause the server to load and execute it. A Metasploit exploit module is already public, able to target Linux ARM, X86 and X86_64 architectures.
Couldn't you just patch port 445 as you do on Windows?
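A defender-side check for the preconditions in the quoted text, added here as an example (not part of the original thread and not Samba's own code): a small Python audit of smb.conf text that lists writable shares, flags the ones that also allow guest access, and reports whether the "nt pipe support = no" workaround from Samba's advisory for this CVE is set in [global]. The sample configuration and its share names are constructed, and include files and per-share overrides set twice are not handled.

```python
TRUE = {"yes", "true", "on", "1"}            # spellings smb.conf treats as "yes"
WRITE = ("writable", "writeable", "write ok")  # synonyms, inverse of "read only"

# Constructed sample smb.conf; section names are made up for the example.
SAMPLE_CONF = """
[global]
   ; nt pipe support = no
[public]
   writable = yes
   guest ok = yes
[docs]
   read only = yes
[staff]
   read only = no
"""

def parse_smb_conf(text):
    """Parse smb.conf text into {section: {parameter: value}}, all lower-cased."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[" ".join(key.lower().split())] = value.strip().lower()
    return sections

def setting(params, names, inverted=()):
    """True/False if the section sets the option (or an inverted synonym), else None."""
    for name in (*names, *inverted):
        if name in params:
            return (params[name] in TRUE) != (name in inverted)
    return None

def audit(text):
    """Report the settings the quoted description of CVE-2017-7494 depends on."""
    conf = parse_smb_conf(text)
    glob = conf.pop("global", {})
    def effective(share, names, inverted=()):
        own = setting(share, names, inverted)  # share value overrides [global]
        return bool(setting(glob, names, inverted)) if own is None else own
    writable = [n for n, s in conf.items() if effective(s, WRITE, ("read only",))]
    return {"pipes_disabled": setting(glob, ("nt pipe support",)) is False,
            "writable": writable,
            "guest_writable": [n for n in writable if effective(conf[n], ("guest ok", "public"))]}
```

Run audit() on the contents of the server's smb.conf; any entry under "writable" while "pipes_disabled" is false on an unpatched server is a share worth reviewing first.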
Gabriel Lee
it's >NOTHINGH
Luis Reed
It was patched last week
Hunter Sanders
...
Caleb Rogers
This. The post to end all of these Threads
Sebastian Howard
Too bad it:
- only affects the server and not the client
- only works if you allow any user write permissions (who in their right mind would allow that?!)
So yeah, almost no one is affected by it. Meanwhile, look at how much hysteria WannaCry causes.
Ethan Sanchez
>To exploit it, a malicious client needs to be able to upload a shared library file to a writeable share
Oh wow, even if it wasn't patched already IT'S FUCKING NOTHING
:: Do you want to remove these packages? [Y/n] no i want to keep mpv
Jack Morgan
>Allowing samba to write data
Never would I let little winbabies write to my hard drive
Matthew Gonzalez
>sambacry
What the shit were they thinking naming it like that? Wannacry at least came from the ransomware name, Wana crypt.
Also, they're making this out to be a huge deal when really it is less of an issue than the SMB exploit because it is far less likely that an SMB share will be configured to be writeable from the Internet.
Levi Kelly
>patched already
>can be fixed with a flag
>using samba
>using smb/samba with fucking open network ports
>letting random retards communicate to ports for your network shares
There's a whole lot of non-issue here, don't get me wrong yes it's an exploit but only one retards would fall for. This isn't shit enabled and running by default like windows, this is shit that only a specific amount of retards let themselves become vulnerable towards.
Oliver Kelly
>wincucks deflecting
Nice try, enjoy your spyware.
Levi Anderson
Nobody has internet facing smb shares so this quite literally doesn't fucking matter.
Evan Morales
>FREETARDS ON SUICIDE WATCH! ENJOY YOUR BOTNET!
What did he mean by this?
Robert Ross
>exploit on windows
>OMFG! LOL Xd WINKEKS BOTNET MUHHG
>exploit on mac
>OMFG! LOL Xd gays fags on suicide watch, muuuhhhh unix proprietary SHIT!111
>exploit on linux
>naahhh, it's fucking nothing. Already patched herp derp :D
Evan Collins
Proprietary shills eternally BTFO and #rekt
Caleb Wilson
this isn't an exploit on linux though, it's an exploit on a piece of software that can be installed onto linux. It's not by any means a component of linux or the OS. Complaining about this being an exploit for linux is about as much as complaining that if dropbox had an exploit that it was the fault of windows.
and also unlike other operating systems linux users tend to actually update since our updates aren't designed around cucking users to some corporate faggot's whims
Austin Green
>Windows has serious vulnerability that was already patched months ago
>LMAO WINTARDS BTFO ENJOY YOUR MALWARE
>Linux has serious vulnerability that has been in the wild for over 7 years
>LA LA LA ITS NOTHING I CANT HEAR YOU LA LA LA LA
pathetic.
Grayson Cox
These threads just go to show how retarded winbabbies are. Can't even read or comprehend what it's about by even the simplest google search. All they hear is exploit and assume the earth was scorched and salted. Only making yourselves look more retarded
>an exploit on a piece of software that can be installed onto linux
Not only that, said piece of software is mostly used to interact with the backdoored Windows version
Kayden Flores
>LA LA LA LA I CANT HEAR YOU LINUX IS PERFECT MICROSHILL LA LA LA LA LA
Parker Wood
Current state of wintoddlers.
Lincoln Anderson
>Samba is software that can be run on a platform other than Microsoft Windows, for example, UNIX, Linux, IBM System 390, OpenVMS, and other operating systems.
>it's a linux problem
yeah no
Angel Ramirez
>and also unlike other operating systems linux users tend to actually update since our updates aren't designed around cucking users to some corporate faggot's whims
So much this. It was such a pain in the ass to tell if my Win7 was patched even though I had installed all updates through windows update. When I searched for the two KB's for the patch neither showed up as installed so I had to go manually install the patch to make sure I had it. On my debian box all I had to do was sudo apt update ; sudo apt upgrade -y and then check the package with apt show smbclient to see if I got the patched one. I didn't even need to restart my machine.
Owen Gomez
/thread
Robert Williams
>apt show smbclient
apt can download changelogs.
Samuel Myers
i don't really get the fuss about it. it needs a samba share accessible from the internet, the attacker needs an account on the server with write access, to get the server to run some code from a shared library as user "nobody"? does something like that even exist outside of honeypots?
Anthony Nelson
---> Doesn't use Samba. OP BTFO
Nathan Barnes
I've read the article and concluded that there is nothing substantial there
Hunter Gray
>the next big threat
Unlike Windows users, Linux users do not wait TWO FUCKING MONTHS to update our systems.
Just fucking apt-get update && apt-get upgrade, and then forget about it.
Eli Brooks
>Samba
Literally who cares?
Ryan Rogers
people using windows. they are also the only ones that are possibly retarded enough to have their samba shares accessible from the internet with write access
Aaron Hill
this vulnerability is bullshit since This exploit shouldn't be a thing since you have to be stupid on the first hand (kind of reminds me of this retard running firefox as root) Windows exploit on the other hand was using an exploit on the OS that anyone could have + the update policy of windows is shit.
imo you have to be a retard to get both malware on your computer, but you have to admit linux is overall more secure than this piece of shit.
dirtycow is actually way more serious but still gets ignored to this day
Owen Cook
>only one retards would fall for
Same for Wannacry. Only retards would click a mail attachment and open it or not use a properly configured firewall.
Especially in institutions, where supposedly IT staff shouldn't let SMB ports open or use antiquated OSes.
How many home users affected by Wannacry did you see? Basically none. The malware was designed to attack computers using the SMB port in a corporate LAN. All the affected PCs had Windows 7 or 8 installed.
Adrian Foster
The only affected PCs were from institutions and companies. So it's actually IT staff and management that's to blame. They went cheap on their IT infrastructure and this bit them eventually.
Home users were not affected.
Asher Hall
pacman -Rdd to force remove a package. You should first check which packages will be affected and then test if they still function properly afterwards.
Aiden Garcia
>The only affected PCs were from institutions and companies
>So it's actually IT staff and management that's to blame
i find it hard to believe there's any company/institution having a samba share accessible from the internet with write access for everyone. that's something even indians could manage to set up correctly
David Morales
Just do a search. Can you find like 10 examples of home users affected by Wannacry?
On the other hand, there were hundreds of thousands of PCs from institutions and businesses affected by it. It wasn't designed for home users.
Who even owns more than a home PC and uses SMB on their home LAN?
Only institutions and firms do that..
Jacob Morales
SMB is not even installed by default with Windows, I think.
Jace Smith
>Who even owns more than a home PC and uses SMB on their home LAN?
people owning a NAS, various IOT devices, etc
Andrew Evans
Which is not most people. Most people can barely use the programs installed by default. And still no home users were reported to have been affected by Wannacry.
Only old systems (Win 7 and 8) from some public institutions (hospitals, schools) and firms were affected. Because, most likely, they were the target.
Asher James
>a malicious client needs to be able to upload a shared library file to a writeable share
kek
Did you know there's a vulnerability in your computer RIGHT NOW? If you press the power switch it turns off! How has this not received more attention??
Liam Anderson
didn't microsoft switch to hibernate by default because windows users are retarded ?
Eli Phillips
Well, you're right about the retarded part, but I'm not too sure about the rest. ;^)
Lincoln Nguyen
user...
Luis Hughes
This shit breaks mpv by the way. Don't know why it's on my computer or why it's needed but I'd like to disable it from doing anything while still being installed.