I'm a user not a technical wizard as some/most are here. I have never used putty before and am slightly confused and wary about the recent patch for the above vulnerability.
Can someone please help me?
I have installed the fix patch using system firmware update as I hope I should have done. That's question 1, did I do it right?
Second question, should I then go on to do the required putty commands?
Third question, do I need to restart between each operation?
Last question, the Malware Remover V2.1.2, is that only manually run or do I need to run it regularly?
Thanks for any (constructive) help offered
Mike
Security Advisory for Samba Writable Share Vulnerability
-
- Starting out
- Posts: 16
- Joined: Tue Oct 13, 2009 4:41 am
- Location: Surrey
- Moogle Stiltzkin
- Guru
- Posts: 11445
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Security Advisory for Samba Writable Share Vulnerability
brief intro to sambacry
How bad is it?
The internet is not on fire yet, but there’s a lot of potential for it to get pretty nasty. If there is a vulnerable version of Samba running on a device, and a malicious actor has access to upload files to that machine, exploitation is trivial.
In a Project Sonar scan run today, Rapid7 Labs discovered more than 104,000 internet-exposed endpoints that appear to be running vulnerable versions of Samba on port 445. Of those, almost 90% (92,570) are running versions for which there is currently no direct patch available. In other words, “We're way beyond the boundary of the Pride Lands.” (sorry - we promise that’s the last Lion King reference. Maybe.)
[youtube=]pZLYZtDNil0[/youtube]
more detailed info (use chrome google translation)
http://www.qingpingshan.com/pc/aq/270402.html
http://securityaffairs.co/wordpress/594 ... n-now.html
https://community.rapid7.com/community/ ... le-of-life
QNAP's own alert regarding this matter
QNAP Security Advisory | Bulletin ID: NAS-201705-27
Taipei, Taiwan, May 27, 2017 - QNAP® had published security enhancement against security vulnerabilities that could affect specific versions of QNAP products. Please use the following information and solutions to correct the security issues and vulnerabilities.
Security Advisory for Samba Writable Share Vulnerability
Release date: May 27, 2017
Last updated: May 27, 2017
Bulletin ID: NAS-201705-27
Severity rating: High
CVE identifier: CVE-2017-7494
Affected products: All NAS running QTS
Summary
The Samba team has released an advisory for CVE-2017-7494, a vulnerability that may allow users with write access to upload a shared library to a writeable shared folder and then execute malicious code.
Solution
QNAP is currently working on a fix and will release an update in the coming days. For manually applying a workaround, refer to QNAP Forum ( viewtopic.php?f=5&t=132991&p=617561#p617561)
References:
https://www.samba.org/samba/security/CVE-2017-7494.html
https://www.samba.org/samba/history/security.html
https://access.redhat.com/security/cve/CVE-2017-7494
got this from the qnap newsletter highly recommended to subscribe. or at the very least check the security bulletin from time to time
https://www.qnap.com/en/support/con_show.php?cid=41
Last edited by Moogle Stiltzkin on Sat May 27, 2017 11:53 pm, edited 3 times in total.
NAS
[Main Server] QNAP TS-877 (QTS) w. 4tb [ 3x HGST Deskstar NAS & 1x WD RED NAS ] EXT4 Raid5 & 2 x m.2 SATA Samsung 850 Evo raid1 +16gb ddr4 Crucial+ QWA-AC2600 wireless+QXP PCIE
[Backup] QNAP TS-653A (Truenas Core) w. 4x 2TB Samsung F3 (HD203WI) RaidZ1 ZFS + 8gb ddr3 Crucial
[^] QNAP TL-D400S 2x 4TB WD Red Nas (WD40EFRX) 2x 4TB Seagate Ironwolf, Raid5
[^] QNAP TS-509 Pro w. 4x 1TB WD RE3 (WD1002FBYS) EXT4 Raid5
[^] QNAP TS-253D (Truenas Scale)
[Mobile NAS] TBS-453DX w. 2x Crucial MX500 500gb EXT4 raid1
Network
Qotom Pfsense|100mbps FTTH | Win11, Ryzen 5600X Desktop (1x2tb Crucial P50 Plus M.2 SSD, 1x 8tb seagate Ironwolf,1x 4tb HGST Ultrastar 7K4000)
Resources
[Review] Moogle's QNAP experience
[Review] Moogle's TS-877 review
https://www.patreon.com/mooglestiltzkin
- Moogle Stiltzkin
- Guru
- Posts: 11445
- Joined: Thu Dec 04, 2008 12:21 am
- Location: Around the world....
- Contact:
Re: Security Advisory for Samba Writable Share Vulnerability
Attack code
After seeing the announcement, the founder of the penetration test framework Metasploit @hdmoore quickly developed a vulnerability verification code that only needs a line of code to take advantage of:
Code: Select all
Simple.create_pipe("/path/to/target.so")
Currently the vulnerability in Metasploit already has a module that can be used to validate Ubuntu 16.04 and Fortune NAS devices, and more versions are still validated.
[youtube=]BVZBcNDDC-4[/youtube]
PRODUCT UPDATE 3 - 5/25/17 -
We now have a Metasploit module available for this vulnerability,
https://community.rapid7.com/external-l ... n_pipename
so you can see whether you can be exploited via Samba CVE-2017-7494, and understand the impact of such an attack. Download Metasploit to try it out.
https://community.rapid7.com/external-l ... ownload%2F
Just a short demo of the new metasploit commit for Samba CVE-2017-7494
[youtube=]JML84NJqnQU[/youtube]
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Security Advisory for Samba Writable Share Vulnerability
Not sure on how this flood of free rider information does help the OP, Moogle ...
The Security advisory for the CVE-2017-7494 vulnerability does just offer a temporary workaround for these legacy NAS models (TS-x39, TS-x59, TS-509/809), which does limit the usability of the NAS to some extent - once applied, it's no longer possible to browse the NAS shared folders starting from the \\nasname i.e. in Explorer.
The following command must be cut and paste direct to the NAS shell:
Code: Select all
cp /etc/config/smb.conf /etc/config/smb.conf.copy;sed -i '/^nt pipe support/d' /etc/config/smb.conf;sed -i '/\[global\]/ant pipe support = no' /etc/config/smb.conf;/etc/init.d/smb.sh restart
This is also documented -> https://download.qnap.com/Storage/Qfix/ ... SbySSH.pdf
In case you want to undo this temporary fix - once a qfix or an updated firmware will be available - copy and paste this to the NAS shell again:
Code: Select all
mv /etc/config/smb.conf.copy /etc/config/smb.conf;sed -i '/^nt pipe support/d' /etc/config/smb.conf;/etc/init.d/smb.sh restart
Regards,
-Kurt
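A check for the workaround in the post above, added here as an example that is not part of the thread or of QNAP's tooling: it reports whether nt pipe support = no is actually in effect in the [global] section of a Samba config file. The function names and the sample configs are constructed for illustration; on the NAS the file to check would be /etc/config/smb.conf.

```shell
#!/bin/sh
# Added example (not QNAP's code): check whether the workaround from the
# post is effective in a Samba config file.

# nt_pipe_state FILE -> prints "disabled", "enabled" or "default".
# "default" means the parameter is absent from [global]; Samba's default is yes.
nt_pipe_state() {
    awk '
        /^[ \t]*[#;]/ { next }                       # comment lines
        /^[ \t]*\[/ {                                # section header
            in_global = (tolower($0) ~ /^[ \t]*\[[ \t]*global[ \t]*\]/)
            next
        }
        in_global && index($0, "=") {
            key = tolower(substr($0, 1, index($0, "=") - 1))
            gsub(/[ \t]/, "", key)                   # Samba ignores spaces in names
            if (key != "ntpipesupport") next
            val = tolower(substr($0, index($0, "=") + 1))
            gsub(/[ \t\r]/, "", val)
            # last assignment wins, as in smb.conf parsing
            state = (val ~ /^(no|false|off|0)$/) ? "disabled" : "enabled"
        }
        END { print (state == "" ? "default" : state) }
    ' "$1"
}

# workaround_applied FILE -> exit status 0 only if named pipes are disabled.
workaround_applied() {
    [ "$(nt_pipe_state "$1")" = "disabled" ]
}

# Constructed sample configs (not taken from a real NAS).
make_samples() {
    dir=$1
    printf '[global]\nnt pipe support = no\nworkgroup = NAS\n[Public]\nwritable = yes\n' > "$dir/patched.conf"
    printf '[global]\nworkgroup = NAS\n[Public]\nnt pipe support = no\n' > "$dir/wrong_section.conf"
    printf '[Global]\n  NT Pipe Support=No\nnt pipe support = yes\n' > "$dir/overridden.conf"
}

demo() {
    tmp=$(mktemp -d) && make_samples "$tmp"
    for f in "$tmp"/*.conf; do
        printf '%s: %s\n' "$(basename "$f")" "$(nt_pipe_state "$f")"
    done
    rm -rf "$tmp"
}
demo
```

The check reads the file only, so it confirms what the smb service will load at its next restart, not what a still-running smbd loaded earlier.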
-
- Easy as a breeze
- Posts: 365
- Joined: Sat Jul 14, 2012 8:24 pm
Re: Security Advisory for Samba Writable Share Vulnerability
Looks like the forum post has been updated to include Qfixes for all models now.
Unless I'm being blind, I can't find the setting to change what kind of QNAP I have on my profile. I now own a TS-253A
- schumaku
- Guru
- Posts: 43578
- Joined: Mon Jan 21, 2008 4:41 pm
- Location: Kloten (Zurich), Switzerland -- Skype: schumaku
- Contact:
Re: Security Advisory for Samba Writable Share Vulnerability
ensignvorik wrote: Looks like the forum post has been updated to include Qfixes for all models now.
For all NAS models running QTS 4.3.3 to be correct.