Update Your NAS Server - There is a Vulnerability in Samba
A new vulnerability has been discovered in Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems. It affects versions 3.5 (released March 1, 2010) and onwards.
Many home and corporate network storage systems run Samba and it is frequently installed by default on many Linux systems, making it possible that some users are running Samba without realizing it. Given how easy it is to enable Samba on Linux endpoints, even devices requiring it to be manually enabled will not necessarily be in the clear.
Samba makes it possible for Unix and Linux systems to share files the same way Windows does. While the WannaCry ransomworm impacted Windows systems and was easily identifiable, with clear remediation steps, the Samba vulnerability will impact Linux and Unix systems and could present significant technical obstacles to obtaining or deploying appropriate remediations. These obstacles will most likely present themselves in situations where devices are unmanaged by typical patch deployment solutions or don’t allow OS-level patching by the user. As a result, we believe those systems may be likely conduits into business networks.
Many network-attached storage (NAS) environments are used as network backup systems. A direct attack or worm would render those backups almost useless, so if patching cannot be done immediately, we recommend creating an offline copy of critical data as soon as possible.
Senior Member
Posts: 7746
Joined: 2005-12-06
Well there's an update for my Qnap but nothing listed about this vulnerability.
- The NAS does not run out of memory when using thin volumes (or LUNs) and space reclamation on QTS 4.3.x.
- Users can successfully copy files from Promise DAS devices to the NAS using AFP via Thunderbolt.
- The "Snapshot management" option is correctly displayed on the "More" menu of the volumes on the left pane on File Station.
- Users can successfully edit WebDAV connections and save the changes on File Station.
- Apache daemon can successfully start when the Web Server service is enabled.
- Users can upload files that have filenames beginning with "._" to shared folders via SMB.
- After updating the NAS managed by Q'center from 4.2.x to 4.3.x, the administrator of Q'center must input the password of each NAS to continue monitoring.
- Twonky Server is no longer supported. Use the DLNA Media Server built into QTS as your DLNA server.
- Download Station
Users can now be notified when downloads complete (instead of when download tasks complete).
- Virtualization Station
Due to advancements in the backup features, virtual machines created in older versions (1.x/2.x) of Virtualization Station can no longer be backed up and restored in 3.0. (A workaround is to clone an older Virtual Machine; the cloned VM can be backed up/restored, but all original snapshots will be removed)
Senior Member
Posts: 2035
Joined: 2006-12-12
unRAID also have a patch out which silently addresses this
https://forums.lime-technology.com/topic/57599-unraid-os-version-635-stable-release-available/
Member
Posts: 43
Joined: 2004-10-03
Synology has a patch out:
https://www.synology.com/en-us/releaseNote/DS415+
Fixed Issues
Fixed a security vulnerability regarding samba service (CVE-2017-7494).