Qnap Qfixes for Samba Writable Share Vulnerability
Software to patch vulnerability for NAS
This is a Press Release edited by StorageNewsletter.com on June 7, 2017 at 2:18 pmThe administrators of the open-source software Samba have disclosed a vulnerability in their software, which can be used to execute malicious code on affected devices.
Qnap Systems, Inc. is committed to protecting the privacy and data security of our users and has released Qfixes for firm’s NAS to patch this vulnerability.
The company urges users to install these Qfixes on their firm’s NAS to protect against unauthorized access.
Samba is a network protocol for file and printer sharing. The CVE-2017-7494 remote code execution vulnerability allows clients with write permission to upload a shared library to a shared folder, and then cause the server to load and execute it. By utilizing this exploit, malicious users can run any code on remote servers and obtain administrator privileges.
The company has provided separate Qfixes for QTS version 4.3.x and 4.2.x. The firm recommends that users update QTS to the latest version available for their NAS, and then install the Qfix.
Qnap safeguards cyber security:
Security Bulletins and Advisories
Security Advisory for Samba Writable Share Vulnerability