Samba Vulnerability (Notice 2017-002)

This is a Fast-Air Tech Talk security notice. The Tech Talk security notice is a free service for all Fast-Air customers. Please suggest security notice topics.

Recently a security flaw was discovered in the Samba software. Samba is used on Linux- and BSD-based systems to support file sharing and networking, but the flaw indirectly affects Windows and Mac users as well.

A particular challenge with this flaw is the large number of off-the-shelf Network Attached Storage (NAS) devices. These devices commonly run a modified form of a Linux system, and Samba is often installed on them.

Other devices, such as routers that provide file sharing support, could be affected.

File sharing on these devices is enabled through a web browser interface and is used to store and share files with Windows and Mac computers.

Despite remaining fully functional, many of these off-the-shelf devices have reached vendor end-of-life (EOL) and are no longer supported. Therefore no firmware updates will be forthcoming for EOL models that might be affected.

This vulnerability affects Samba versions 3.5.0 and newer. Version 3.5.0 was released March 1, 2010, so devices purchased on or after roughly that date might be vulnerable.

With these off-the-shelf devices, most users have no practical way to discover which Samba version is installed.

Anybody using a typical off-the-shelf device supporting file sharing should check for firmware updates.

Even when a firmware update is available, all customers using an off-the-shelf file sharing device should ensure the device is accessible only from within the user's own network and is not reachable from the public-facing side of the Internet.

Anybody using a standard Linux or BSD distro need not worry about the vulnerability: upstream patches are available and have likely already been installed through the distro's update mechanism.
