Samba is an open source project that is widely used on Linux and Unix computers so they can work with Windows file and print services, both as clients that connect to Windows servers, and as servers that accept connections from Windows clients.
On 2017-05-24, Samba published a patch for a vulnerability known as CVE-2017-7494. Attackers who have write access to a file share on a vulnerable Samba server and who can copy an executable file into that share, may then be able to trick the server remotely into running the uploaded file, for example to infect the server with malware automatically.
Several Linux-based Sophos products include Samba, but only use it as a client (e.g. to connect out to Windows servers). The following products have Samba but don't accept incoming Samba requests, and are therefore not vulnerable to this exploit: Sophos Anti-Virus for Linux, Sophos Anti-Virus for UNIX, Sophos SG UTM, Sophos XG Firewall and Sophos Web Security. The Sophos for Virtual Environments virtual appliance does run a Samba server, but all its network shares are read-only. An attacker requires write access to the server in order for the exploit to work, so this product is not vulnerable.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.