SambaCry Vulnerability (CVE-2017-7494) in Linux Systems


Systems Affected

Many corporate network storage systems (NAS), home routers and other IoT devices run Samba for file sharing. Some are accessible only from within the network, while others are also exposed to the internet. At the moment there are over 110,000 internet-accessible devices that appear to be running vulnerable versions of Samba.

Every device running Samba with writable file shares and weak passwords is at risk. These devices can then be exploited by attackers to hold entire file servers for ransom, exfiltrate data or move laterally inside a network.

Threat Level



This vulnerability is the Linux version of WannaCry, appropriately named SambaCry. A malicious Samba client that has write access to a Samba share could use this flaw to execute arbitrary code, typically as root.

The Samba team released a patch on May 24 for a critical remote code execution vulnerability in Samba, the most popular file sharing service for all Linux systems. Samba is commonly included as a basic system service on other Unix-based operating systems as well.


This vulnerability, indexed CVE-2017-7494, enables a malicious attacker with valid write access to a file share to upload and execute an arbitrary binary file which will run with Samba permissions.

The flaw can be exploited with just a few lines of code, requiring no interaction on the part of the end user. All versions of Samba from 3.5 onwards are vulnerable.

As Samba is used as part of many organizations' storage systems, we expect a ransomware attack to take advantage of the flaw in the near future.


The Samba vulnerability requires the attacker to have valid credentials to a writable share, reducing the likelihood that it will be "wormable". However, a post-breach attacker is likely to obtain the required credentials, providing an incredibly versatile platform for lateral movement.
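Because the flaw depends on write access to a share, a useful first check on any Samba host is which shares are writable and whether they also allow guest access. The following audit sketch is an added example, not part of the original advisory or of the Samba project; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample smb.conf for illustration; not from any real host.
SAMPLE_SMB_CONF = """
[global]
   workgroup = EXAMPLE
[public]
   path = /srv/public
   read only = no
   guest ok = yes
[backups]
   Writeable = Yes
[docs]
   path = /srv/docs
"""

TRUE = {"yes", "true", "1"}
# "writable", "writeable" and "write ok" are inverted synonyms of "read only".
INVERTED_READ_ONLY = {"writable", "writeable", "writeok"}

def parse_smb_conf(text):
    """Return {section: flags}; parameter names ignore case and spaces."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()
            flag = value.strip().lower() in TRUE
            if key in INVERTED_READ_ONLY:
                current["readonly"] = not flag  # later lines override earlier ones
            elif key == "readonly":
                current["readonly"] = flag
            elif key in ("guestok", "public"):  # "public" is a synonym of "guest ok"
                current["guestok"] = flag
    return sections

def writable_shares(text):
    """List (share, guest_ok) pairs for shares that accept writes."""
    sections = parse_smb_conf(text)
    defaults = {"readonly": True, "guestok": False, **sections.pop("global", {})}
    merged = {name: {**defaults, **p} for name, p in sections.items()}
    return [(n, e["guestok"]) for n, e in merged.items() if not e["readonly"]]

if __name__ == "__main__":
    print(writable_shares(SAMPLE_SMB_CONF))
```

The parser does not follow include directives, so feeding it the output of `testparm -s` gives a more complete picture than reading smb.conf directly. A writable share with guest access needs no credentials at all, so those entries deserve attention first.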

Solution/ Workarounds

  ✻  Update to the latest version of Mozilla's Firefox on Windows, Linux and Mac.



The information provided herein is on "as is" basis, without warranty of any kind.


© Copyright Sri Lanka CERT|CC. All Rights Reserved.