AMD FidelityFX Super Resolution - preview
ASUS ROG Swift PG259QN 360Hz Monitor review
ASRock Z590 Taichi review
Zotac GeForce RTX 3070 Ti AMP Holo review
Gigabyte GeForce RTX 3070 Ti Gaming OC review
Palit GeForce RTX 3070 Ti GamingPRO review
GeForce RTX 3070 Ti founder edition review
MSI GeForce RTX 3070 Ti Suprim X review
Asus ROG Gladius III (wired and wireless) mouse review
GeForce RTX 3080 Ti founder edition review
Update Your NAS Server - There is a Vunerability in Samba
There is a new a new vunerability discovered with Samba it affects versions 3.5 (released March 1, 2010) and onwards, the defacto standard for providing Windows-based file and print services on Unix and Linux systems.
Many home and corporate network storage systems run Samba and it is frequently installed by default on many Linux systems, making it possible that some users are running Samba without realizing it. Given how easy it is to enable Samba on Linux endpoints, even devices requiring it to be manually enabled will not necessarily be in the clear.
Samba makes it possible for Unix and Linux systems to share files the same way Windows does. While the WannaCry ransomworm impacted Windows systems and was easily identifiable, with clear remediation steps, the Samba vulnerability will impact Linux and Unix systems and could present significant technical obstacles to obtaining or deploying appropriate remediations. These obstacles will most likely present themselves in situations where devices are unmanaged by typical patch deployment solutions or don’t allow OS-level patching by the user. As a result, we believe those systems may be likely conduits into business networks.
Rapid7 Labs discovered more than 104,000 internet-exposed endpoints that appear to be running vulnerable versions of Samba on port 445. Of those, almost 90% (92,570) are running versions for which there is currently no direct patch available.
Many network-attached storage (NAS) environments are used as network backup systems. A direct attack or worm would render those backups almost useless, so if patching cannot be done immediately, we recommend creating an offline copy of critical data as soon as possible.
Netgear router owners please update your firmware - 01/23/2017 10:53 AM
Back in December a vunerability has been exposed on Netgear routers. Most routers already had firmware updates available and most of them can be updated. However Both Netgear and Cert now again issue ...
Update your QNAP NAS Server - 10/03/2014 09:14 AM
If you have not done so and got one, please update your QNAP NAS server with A) the latest firmware, and then B) Patch it with QFix 1.0.1, most if not all QNAP servers are vunerable to the GNU Bash V...
Update your subscribed Guru3D RSS links - 07/22/2011 08:11 AM
Google today made some alterations to their account platform, amongst them feedburner, responsible for serving our RSS feeds. Short version of the story, Google messed up and made the old RSS links a...
nhlkoho
Senior Member
Posts: 7750
Joined: 2005-12-06
Senior Member
Posts: 7750
Joined: 2005-12-06
#5436220 Posted on: 05/26/2017 04:17 PM
Well there's an update for my Qnap but nothing listed about this vulnerability.
- The NAS does not run out of memory when using thin volumes (or LUNs) and space reclamation on QTS 4.3.x.
- Users can successfully copy files from Promise DAS devices to the NAS using AFP via Thunderbolt.
- The "Snapshot management" option is correctly displayed on the "More" menu of the volumes on the left pane on File Station.
- Users can successfully edit WebDAV connections and save the changes on File Station.
- Apache daemon can successfully start when the Web Server service is enabled.
- Users can upload files that have filenames beginning with "._" to shared folders via SMB.
- After updating the NAS managed by Q'center from 4.2.x to 4.3.x, the administrator of Q'center must input the password of each NAS to continue monitoring.
- Twonky Server is no longer supported. Use the DLNA Media Server built into QTS as your DLNA server.
- Download Station
Users can now be notified when downloads complete (instead of when download tasks complete).
- Virtualization Station
Due to advancements in the backup features, virtual machines created in older versions (1.x/2.x) of Virtualization Station can no longer be backed up and restored in 3.0. (A workaround is to clone an older Virtual Machine; the cloned VM can be backed up/restored, but all original snapshots will be removed)
Well there's an update for my Qnap but nothing listed about this vulnerability.
- The NAS does not run out of memory when using thin volumes (or LUNs) and space reclamation on QTS 4.3.x.
- Users can successfully copy files from Promise DAS devices to the NAS using AFP via Thunderbolt.
- The "Snapshot management" option is correctly displayed on the "More" menu of the volumes on the left pane on File Station.
- Users can successfully edit WebDAV connections and save the changes on File Station.
- Apache daemon can successfully start when the Web Server service is enabled.
- Users can upload files that have filenames beginning with "._" to shared folders via SMB.
- After updating the NAS managed by Q'center from 4.2.x to 4.3.x, the administrator of Q'center must input the password of each NAS to continue monitoring.
- Twonky Server is no longer supported. Use the DLNA Media Server built into QTS as your DLNA server.
- Download Station
Users can now be notified when downloads complete (instead of when download tasks complete).
- Virtualization Station
Due to advancements in the backup features, virtual machines created in older versions (1.x/2.x) of Virtualization Station can no longer be backed up and restored in 3.0. (A workaround is to clone an older Virtual Machine; the cloned VM can be backed up/restored, but all original snapshots will be removed)
sdamaged99
Senior Member
Posts: 2035
Joined: 2006-12-12
Senior Member
Posts: 2035
Joined: 2006-12-12
#5436559 Posted on: 05/27/2017 11:44 AM
unRAID also have a patch out which silently addresses this
https://forums.lime-technology.com/topic/57599-unraid-os-version-635-stable-release-available/
unRAID also have a patch out which silently addresses this
https://forums.lime-technology.com/topic/57599-unraid-os-version-635-stable-release-available/
Click here to post a comment for this news story on the message forum.
Member
Posts: 43
Joined: 2004-10-03
Synology has a patch out:
https://www.synology.com/en-us/releaseNote/DS415+
Fixed Issues
Fixed a security vulnerability regarding samba service (CVE-2017-7494).