Security Vulnerabilities Affect All Qnap NAS Running QTS
How to correct?
This is a Press Release edited by StorageNewsletter.com on June 2, 2017 at 2:22 pmQNAP Systems, Inc. published security enhancement against security vulnerabilities that could affect specific versions of QNAP products.
Use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for Samba Writable Share Vulnerability
- Release date: May 27, 2017
- Last updated: May 27, 2017
- Bulletin ID: NAS-201705-27
- Severity rating: High
- CVE identifier: CVE-2017-7494
- Affected products: All NAS running QTS
Summary
The Samba team has released an advisory for CVE-2017-7494, a vulnerability that may allow users with write access to upload a shared library to a writeable shared folder and then execute malicious code.
Solution
QNAP is currently working on a fix and will release an update in the coming days.
For manually applying a workaround
References:
https://www.samba.org/samba/security/CVE-2017-7494.html
https://www.samba.org/samba/history/security.html
https://access.redhat.com/security/cve/CVE-2017-7494
Subscribe to our free daily newsletter
