UpGuard Blog

Testing for Samba CVE-2015-0240 with UpGuard

Written by UpGuard | Mar 4, 2015 6:28:23 PM

Microsoft has announced a vulnerability in Samba, the widely used SMB/CIFS protocol for Windows/*nix interoperability. The vulnerability exists in versions 3.5.0 to 4.2.0rc4 and allows malicious clients to manipulate the host such that clients can execute code via a netlogon packet.

There are already patches available for each of the affected versions. For Samba 4.0 and above you can solve the problem simply by including a line to disable netlogon.

On Samba versions 4.0.0 and above, add the line:

rpc_server:netlogon=disabled

to the [global] section of your smb.conf.

To ensure that you are no longer vulnerable, we've added a check to our library of public policies. The check will give you a thumbs up/thumbs down on whether your nodes are patched and allow you to drill down into why they failed.

This node failed the test. We can click on the "check content" portion of the policy results to understand exactly what test was being run and why it failed. 

Related Blog:

Why Companies Will Keep Getting Breached In 2016 And Beyond

The more important and difficult question is not why, but how—that is, how can companies not just survive, but thrive in a landscape of digital threats?

This node was supposed to have the netlogon=disabled solution but evidently the patch was not correctly applied. Having UpGuard there to check our work ensures that we are secure and have a record of the steps taken to ensure compliance. 

 

 

More Blogs

How CSTAR Works What's In the Website Risk Grader? Understanding Risk in the 21st Century

The "Hacking" Of 000webhost—Or Why Free Should Never Be Synonymous With Unsecure

So how do events like 000webhost's massive data breach involving free web hosting providing 000webhost transpire? In a word, negligence. Gross negligence, to be precise.
Read Blog >

Why We Made Our Vulnerability Assessment Free for Everyone

Access to free vulnerability assessment should be a basic right in a world where computing is integral to social and economic life. For our part, we're offering our full product, including vulnerability assessment, free forever for a user's first ten machines.
Read Blog >

Understanding Risk in the 21st Century

Even today, the risk of data breaches in particular threaten to hamper business innovation. So what is cyber risk, and what can be done about it?
Read Blog >