
Update Your NAS Server - There is a Vulnerability in Samba

by Hilbert Hagedoorn on: 05/26/2017 07:14 AM | 3 comment(s)

A new vulnerability has been discovered in Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems. It affects versions 3.5 (released March 1, 2010) and onwards.

Many home and corporate network storage systems run Samba and it is frequently installed by default on many Linux systems, making it possible that some users are running Samba without realizing it. Given how easy it is to enable Samba on Linux endpoints, even devices requiring it to be manually enabled will not necessarily be in the clear.

Samba makes it possible for Unix and Linux systems to share files the same way Windows does. While the WannaCry ransomworm impacted Windows systems and was easily identifiable, with clear remediation steps, the Samba vulnerability will impact Linux and Unix systems and could present significant technical obstacles to obtaining or deploying appropriate remediations. These obstacles will most likely present themselves in situations where devices are unmanaged by typical patch deployment solutions or don’t allow OS-level patching by the user. As a result, we believe those systems may be likely conduits into business networks.

Rapid7 Labs discovered more than 104,000 internet-exposed endpoints that appear to be running vulnerable versions of Samba on port 445. Of those, almost 90% (92,570) are running versions for which there is currently no direct patch available. 

Many network-attached storage (NAS) environments are used as network backup systems. A direct attack or worm would render those backups almost useless, so if patching cannot be done immediately, we recommend creating an offline copy of critical data as soon as possible.
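
As an added example (not part of the original article), a local check for hosts that may be running Samba unnoticed: it reports whether `smbd` is installed, whether its version falls in the 3.5-and-onwards range named above, and whether anything listens on TCP 445. It assumes a Linux host with `ss` available; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the article. Assumes `smbd --version` prints
# "Version X.Y.Z[-suffix]" and that `ss` (iproute2) is installed.

# Classify a version string against the range the article gives (3.5 onwards).
# Prints "affected-range", "older" or "unknown".
samba_version_status() {
    local ver major minor
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[Vv]ersion \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || { echo unknown; return; }
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -gt 3 ] || { [ "$major" -eq 3 ] && [ "$minor" -ge 5 ]; }; then
        echo affected-range
    else
        echo older
    fi
}

# Reads `ss -ltn` output on stdin; returns 0 if a listener on TCP 445 exists.
listens_on_445() {
    awk 'NR > 1 && $4 ~ /:445$/ { found = 1 } END { exit !found }'
}

# Combine both checks for the local machine and print a one-line summary.
audit_host() {
    if ! command -v smbd >/dev/null 2>&1; then
        echo "smbd not installed"
        return 0
    fi
    local status
    status=$(samba_version_status "$(smbd --version 2>/dev/null)")
    if ss -ltn 2>/dev/null | listens_on_445; then
        echo "smbd $status, listening on 445"
    else
        echo "smbd $status, not listening on 445"
    fi
}

audit_host
```

A result of `affected-range` means the vendor's release notes still have to be checked: distributions and NAS vendors often ship security fixes without changing the upstream version number.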








Sasco
Member



Posts: 43
Joined: 2004-10-03

#5436199 Posted on: 05/26/2017 02:48 PM
Synology has a patch out:
https://www.synology.com/en-us/releaseNote/DS415+


Fixed Issues
Fixed a security vulnerability regarding samba service (CVE-2017-7494).


nhlkoho
Senior Member



Posts: 7746
Joined: 2005-12-06

#5436220 Posted on: 05/26/2017 03:17 PM
Well there's an update for my Qnap but nothing listed about this vulnerability.


- The NAS does not run out of memory when using thin volumes (or LUNs) and space reclamation on QTS 4.3.x.
- Users can successfully copy files from Promise DAS devices to the NAS using AFP via Thunderbolt.
- The "Snapshot management" option is correctly displayed on the "More" menu of the volumes on the left pane on File Station.
- Users can successfully edit WebDAV connections and save the changes on File Station.
- Apache daemon can successfully start when the Web Server service is enabled.
- Users can upload files that have filenames beginning with "._" to shared folders via SMB.



- After updating the NAS managed by Q'center from 4.2.x to 4.3.x, the administrator of Q'center must input the password of each NAS to continue monitoring.
- Twonky Server is no longer supported. Use the DLNA Media Server built into QTS as your DLNA server.
- Download Station
Users can now be notified when downloads complete (instead of when download tasks complete).
- Virtualization Station
Due to advancements in the backup features, virtual machines created in older versions (1.x/2.x) of Virtualization Station can no longer be backed up and restored in 3.0. (A workaround is to clone an older Virtual Machine; the cloned VM can be backed up/restored, but all original snapshots will be removed)


sdamaged99
Senior Member



Posts: 2035
Joined: 2006-12-12

#5436559 Posted on: 05/27/2017 10:44 AM
unRAID also have a patch out which silently addresses this

https://forums.lime-technology.com/topic/57599-unraid-os-version-635-stable-release-available/
