Update Your NAS Server - There is a Vulnerability in Samba

by Hilbert Hagedoorn on: 05/26/2017 08:14 AM | source: | 3 comment(s)

A new vulnerability has been discovered in Samba, the de facto standard for providing Windows-based file and print services on Unix and Linux systems. It affects versions 3.5 (released March 1, 2010) and onwards.

Many home and corporate network storage systems run Samba and it is frequently installed by default on many Linux systems, making it possible that some users are running Samba without realizing it. Given how easy it is to enable Samba on Linux endpoints, even devices requiring it to be manually enabled will not necessarily be in the clear.

Samba makes it possible for Unix and Linux systems to share files the same way Windows does. While the WannaCry ransomworm impacted Windows systems and was easily identifiable, with clear remediation steps, the Samba vulnerability will impact Linux and Unix systems and could present significant technical obstacles to obtaining or deploying appropriate remediations. These obstacles will most likely present themselves in situations where devices are unmanaged by typical patch deployment solutions or don’t allow OS-level patching by the user. As a result, we believe those systems may be likely conduits into business networks.

Rapid7 Labs discovered more than 104,000 internet-exposed endpoints that appear to be running vulnerable versions of Samba on port 445. Of those, almost 90% (92,570) are running versions for which there is currently no direct patch available. 

Many network-attached storage (NAS) environments are used as network backup systems. A direct attack or worm would render those backups almost useless, so if patching cannot be done immediately, we recommend creating an offline copy of critical data as soon as possible.









Sasco (Member, Posts: 43, Joined: 2004-10-03)
#5436199 Posted on: 05/26/2017 03:48 PM
Synology has a patch out:
https://www.synology.com/en-us/releaseNote/DS415+


Fixed Issues
Fixed a security vulnerability regarding samba service (CVE-2017-7494).


nhlkoho (Senior Member, Posts: 7757, Joined: 2005-12-06)
#5436220 Posted on: 05/26/2017 04:17 PM
Well there's an update for my Qnap but nothing listed about this vulnerability.


- The NAS does not run out of memory when using thin volumes (or LUNs) and space reclamation on QTS 4.3.x.
- Users can successfully copy files from Promise DAS devices to the NAS using AFP via Thunderbolt.
- The "Snapshot management" option is correctly displayed on the "More" menu of the volumes on the left pane on File Station.
- Users can successfully edit WebDAV connections and save the changes on File Station.
- Apache daemon can successfully start when the Web Server service is enabled.
- Users can upload files that have filenames beginning with "._" to shared folders via SMB.



- After updating the NAS managed by Q'center from 4.2.x to 4.3.x, the administrator of Q'center must input the password of each NAS to continue monitoring.
- Twonky Server is no longer supported. Use the DLNA Media Server built into QTS as your DLNA server.
- Download Station
Users can now be notified when downloads complete (instead of when download tasks complete).
- Virtualization Station
Due to advancements in the backup features, virtual machines created in older versions (1.x/2.x) of Virtualization Station can no longer be backed up and restored in 3.0. (A workaround is to clone an older Virtual Machine; the cloned VM can be backed up/restored, but all original snapshots will be removed)


sdamaged99 (Senior Member, Posts: 2037, Joined: 2006-12-12)
#5436559 Posted on: 05/27/2017 11:44 AM
unRAID also have a patch out which silently addresses this

https://forums.lime-technology.com/topic/57599-unraid-os-version-635-stable-release-available/
