SambaCry: Unauthenticated RCE via shared library upload on writable Samba shares — EternalBlue equivalent for Linux/NAS devices. Update Samba to 4.6.4+. Set noexec on all Samba shares as compensating control. Widely exploited by Mirai variants targeting NAS devices.
Samba versions from 3.5.0 up to, but not including, 4.6.4, 4.5.10 and 4.4.14 are vulnerable to remote code execution: a malicious client can upload a shared library to a writable share and then cause the server to load and execute it. This flaw is known as SambaCry.
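A defender-side audit of the two controls named above (the fixed releases and noexec on share filesystems), as an added example that is not part of the original page or of Samba itself. The function names and sample data are illustrative; it assumes upstream version numbering (distribution packages may backport the fix under an older number) and reads only per-share smb.conf keys.

```python
import configparser
import re

FIXED = {(4, 6): 4, (4, 5): 10, (4, 4): 14}   # fixed releases named on this page (upstream)
YES = {"yes", "true", "1"}

def is_vulnerable(version_text):
    """True if an upstream Samba version falls in the affected range."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"no version found in {version_text!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) in FIXED:
        return patch < FIXED[(major, minor)]
    return (3, 5) <= (major, minor) < (4, 4)   # 3.5-4.3 affected, 4.7+ fixed

def writable_shares(smb_conf):
    """Map share name -> path for shares that allow writes (per-share keys only)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string("\n".join(line.strip() for line in smb_conf.splitlines()))
    shares = {}
    for name in cp.sections():
        s = cp[name]
        rw = s.get("read only", "yes").lower() not in YES or any(
            s.get(k, "no").lower() in YES for k in ("writable", "writeable", "write ok"))
        if name.lower() != "global" and rw and "path" in s:
            shares[name] = s["path"]
    return shares

def has_noexec(path, mounts):
    """True if the mount holding path (from /proc/mounts text) carries noexec."""
    best, opts = "", []
    for f in (line.split() for line in mounts.splitlines()):
        mnt = f[1].rstrip("/") if len(f) >= 4 else None   # "/" becomes ""
        if mnt is not None and (path + "/").startswith(mnt + "/") and len(mnt) >= len(best):
            best, opts = mnt, f[3].split(",")
    return "noexec" in opts

def audit(version_text, smb_conf, mounts):
    """Writable shares on an affected build whose filesystem lacks noexec."""
    shares = writable_shares(smb_conf) if is_vulnerable(version_text) else {}
    return sorted(n for n, p in shares.items() if not has_noexec(p, mounts))

# Constructed sample inputs; all names in this block are illustrative.
SAMPLE_CONF = ("[global]\nworkgroup = LAB\n[media]\npath = /srv/media\nread only = no\n"
               "[backup]\npath = /srv/backup\nwritable = yes\n[docs]\npath = /srv/docs\n")
SAMPLE_MOUNTS = "/dev/sda1 / ext4 rw,relatime 0 0\n/dev/sdb1 /srv/backup ext4 rw,noexec,nosuid 0 0\n"
if __name__ == "__main__":
    print(audit("Version 4.5.9", SAMPLE_CONF, SAMPLE_MOUNTS))
```

On a real host, feed it the output of `smbd --version`, the contents of smb.conf and the contents of /proc/mounts.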