[Samba] Does WannaCry Ransmonware affect Samba?

[Bob of Donelson Trophy]

On 2017-05-18 07:47, Sven Schwedas via samba wrote:

> On 2017-05-18 14:11, lingpanda101 via samba wrote: 
> 
>> Hello,
>> 
>> Up till today I have only heard that it affects Windows clients and
>> Servers. However I received this today that sparked my question
>> 
>> https://ics-cert.us-cert.gov/sites/default/files/FactSheets/ICS-CERT_FactSheet_WannaCry_Ransomware.pdf
>> 
>> This suggests blocking port 445 for Samba specifically.
> 
> Probably a typo/misunderstanding. 445 is for all SMB implementations.
> 
>> First wouldn't> blocking port 445 break all file and printer sharing functionality?
>> 
>> Second isn't this port needed even by Windows for SMB? I'm confused.
>> Thanks.
> 
> Yes to both. That's what the slight understatement "may cause
> disruptions on systems that require port 445" means.
> 
> Samba in itself is not vulnerable to ETERNALBLUE, so it cannot be
> infected by WannaCry.
> 
> However, vulnerable clients with write access to Samba shares can still
> encrypt files on Samba shares and render them useless, so you should
> still make sure you can detect ransomware attacks and make sure your
> backups work.
> 
> -- 
> Mit freundlichen Grüßen, / Best Regards,
> Sven Schwedas, Systemadministrator
> Mail/XMPP sven.schwedas at tao.at | Skype sven.schwedas
> TAO Digital | Lendplatz 45 | A8020 Graz
> https://www.tao-digital.at | Tel +43 680 301 7167

As the facts emerge about this story. I think we will find that most
affected workstations and servers were NOT software up to date. Every
common workstation user is too quick to cancel "that" update because "I
have 'work' I HAVE to get done, now!" with little or no thought to the
consequences of the failing to update. 

Those of us that keep W and Samba as "current" as possible should be "in
front" of most virus and threats. 

Just my penny (sorry Rowland) and a half on this almost not Samba
subject.

-- 
_______________________________

Bob Wooden of Donelson Trophy