“Never trust a computer you can’t throw out a window” — Steve Wozniak
“I do not fear computers. I fear lack of them.” — Isaac Asimov
Don’t worry, Ubuntu source code was not impacted!
The Windows Subsystem for Linux (WSL) is a great feature introduced in Windows 10.
It is a compatibility layer for running Linux binary executables natively on Windows 10, and it allows the use of a rather real Linux installation without using a virtual machine.
All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.
The major Linux distributions (Red Hat, Ubuntu, Debian) have already rolled out security patches for this vulnerability, tracked as CVE-2017-14746, which affects all versions of Samba since 4.0.
According to the project’s advisory, an unauthenticated attacker could send specially-crafted SMB1 requests to cause the server to crash or execute arbitrary code.
Sysadmins should apply the fixes to their servers; if that is not possible, the alternative is to turn off SMB1:

==========
Workaround
==========

Prevent SMB1 access to the server by setting the parameter:

server min protocol = SMB2

to the [global] section of your smb.conf and restart smbd. This prevents any SMB1 access to the server. Note this could cause older clients to be unable to connect to the server.
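To confirm the workaround is really in effect in a given smb.conf, the following added example (not code from the Samba project or the advisory) checks that `server min protocol` is set to SMB2 or newer in `[global]` and not merely commented out or placed in a share section. It assumes `min protocol` is accepted as a synonym, does not follow `include` directives, and uses constructed sample configurations.

```python
import re

def global_min_protocol(conf_text):
    """Return the last 'server min protocol' value set in [global], or None."""
    section, value = None, None
    # smb.conf continues a line that ends in a backslash onto the next one
    text = re.sub(r"\\\r?\n", "", conf_text)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":       # blank line or comment
            continue
        header = re.fullmatch(r"\[(.*)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, val = line.split("=", 1)
        # parameter names are case-insensitive and whitespace is ignored
        key = re.sub(r"\s+", "", key).lower()
        if key in ("serverminprotocol", "minprotocol"):
            value = val.strip().upper()       # a later assignment overrides
    return value

def smb1_blocked(conf_text):
    """True only if [global] explicitly sets the minimum to SMB2 or newer."""
    proto = global_min_protocol(conf_text)
    return proto is not None and proto.startswith(("SMB2", "SMB3"))

# Constructed sample configurations (not taken from any real server)
SAMPLES = {
    "workaround applied": "[global]\n  workgroup = EXAMPLE\n"
                          "  Server Min Protocol = SMB2\n[share]\n  path = /srv/share\n",
    "commented out": "[global]\n  ; server min protocol = SMB2\n  workgroup = EXAMPLE\n",
    "wrong section": "[global]\n  workgroup = EXAMPLE\n[share]\n  server min protocol = SMB2\n",
    "explicit SMB1": "[global]\n  min protocol = NT1\n",
}

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        state = "SMB1 blocked" if smb1_blocked(conf) else "SMB1 still allowed or unset"
        print(f"{name:20} {global_min_protocol(conf)!s:6} {state}")
```

On a live server, `testparm -s` prints the configuration smbd actually loads, which also covers included files.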