guest user running avahi.deamon !?!?!?!?

poulTS431
New here
Posts: 2
Joined: Sat Apr 29, 2017 2:54 pm

guest user running avahi.deamon !?!?!?!?

Post by poulTS431 » Sat Apr 06, 2019 5:02 pm

I've been digging around with an issue of a Python script continuously calling samba-tool domain passwordsettings set bla bla bla ....... Support wanted remote access, which I didn't foresee when setting up the NAS; consequently I've not created a separate volume for data I want to maintain complete control of.

So to my stumbling surprise I found:

9300 guest 832 S /usr/sbin/dbus-daemon --system
12353 guest 904 S avahi-daemon: running ["domain".local]

The NAS is behind a firewall so someone from the outside would have to penetrate that unless there is a Trojan inside.....

Any suggestions on what's going on here would be much appreciated

Thank you.

bugmenot4
Starting out
Posts: 23
Joined: Sun Sep 20, 2015 10:39 pm

Re: guest user running avahi.deamon !?!?!?!?

Post by bugmenot4 » Wed May 22, 2019 4:58 pm

QNAP is a giant security hole in everyone's network.

This is not a bare statement. Please read to the end...

1. SSH to your NAS and locate the "Guest Tool".ISO file located in /share/CACHEDEV1_DATA/.qpkg/QKVM
This is actually UltraVNC dated 2015. If you unpack it you will find a Windows executable of the UltraVNC installer.
Go ahead and install it. It sets itself as VNC server and installs 5 drivers named "RedHat Drivers". I can guess
one for each input device on your PC (keyboard, mice, webcam, microphone and your monitor). The installer
of course is not signed and Windows UAC pops up a warning. If you look at their web site, this thing is capable
of punching a hole in your firewall with a single click on a 166k executable file, so you
start sharing your screen and your keyboard buffer before you even know it. http://www.uvnc.com/products/uvnc-sc.html

But wait! there is more...

2. The home page of this Guest Tool (UltraVNC) fails miserably on security tests:
here: https://www.ssllabs.com/ssltest/analyze ... w.uvnc.com
and here: https://securityheaders.com/?q=www.uvnc ... directs=on

3. There is a nice article (recent actually) published March 30, 2019 describing 22 security vulnerabilities.
Highly recommended: https://infosec-handbook.eu/blog/uvnc-vulnerabilities/

This is not a joke!
QNAP actually thinks that Guest Tool is a valuable feature in their marketing campaign:
https://www.qnap.com/en/how-to/search/Guest%20Tool
https://www.qnap.com/en/how-to/search/VNC


I would like to hear what QNAP has to say about this.

Happy Qnapping everyone.

Cheers,

dolbyman
Guru
Posts: 14088
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: guest user running avahi.deamon !?!?!?!?

Post by dolbyman » Wed May 22, 2019 9:20 pm

not sure what the guest tools issue is here..if the vnc is outdated..don't install it in your vm ..just install the drivers

and if you need qnaps response..you would need to ask them

bugmenot4
Starting out
Posts: 23
Joined: Sun Sep 20, 2015 10:39 pm

Re: guest user running avahi.deamon !?!?!?!?

Post by bugmenot4 » Thu May 23, 2019 7:38 am

dolbyman wrote:
Wed May 22, 2019 9:20 pm
not sure what the guest tools issue is here..if the vnc is outdated..don't install it in your vm ..just install the drivers
VNC is installed by Virtualization Station, and cannot be removed, nor can it be disabled (see the screenshots)
Virtualization Station users have unrestricted access to console by default...
The Virtio-serial is enabled by default...

But more important is that QNAP's security depends on VNC, which is supposed to provide a security solution, while it has been demonstrated that VNC is not able to provide its own security!
This simply tells me that QNAP does not understand the concept of trust.

But did you actually read my previous post?
UltraVNC – a security nightmare, and the opening paragraph in this link outlines the exact problem that QNAP has: https://infosec-handbook.eu/blog/uvnc-v ... ities/#sbh
The article is about VNC, which is a third party vendor on whom QNAP is heavily reliant.
dolbyman wrote:
Wed May 22, 2019 9:20 pm
and if you need qnaps response..you would need to ask them
Suppose I reach out to support. What technology does QNAP tech support use to remotely connect to my NAS? VNC?

dolbyman
Guru
Posts: 14088
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: guest user running avahi.deamon !?!?!?!?

Post by dolbyman » Thu May 23, 2019 9:13 am

esxi also has this webclient running by default (see guest os even from bootup)

so you are saying that the vm vnc ports are open to anyone in the network or just local connections?

and I have never requested support from qnap .. so no idea how the remote support works

dolbyman
Guru
Posts: 14088
Joined: Sat Feb 12, 2011 2:11 am
Location: Vancouver BC , Canada

Re: guest user running avahi.deamon !?!?!?!?

Post by dolbyman » Thu May 23, 2019 11:50 pm

well I just tested it .. and you are correct
The VNC is not installed on the guest, but is running on the host machine providing access to the guest

access is not limited to localhost connections and no password is set by default

as I don't have any important VMs running (just Win10 eval) and no foreigners in my network, I am not too worried, but it is still something that should be fixed (at least limit VNC access to localhost only)

QEMU wiki entry about it
https://wiki.archlinux.org/index.php/QEMU#VNC
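
A check for the exposure found in the post above, as an added example that is not part of the thread or of QNAP's code: it parses QEMU `-vnc` arguments and flags consoles that listen beyond loopback with no authentication option. It assumes the VMs run as QEMU processes started with a `-vnc` argument; the command lines are constructed samples and the function names are hypothetical.

```python
import ipaddress

# Constructed sample command lines (not taken from the thread or a real NAS).
SAMPLE_CMDLINES = [
    "qemu-system-x86_64 -name win10 -m 4096 -vnc 0.0.0.0:1",
    "qemu-system-x86_64 -name build -vnc 127.0.0.1:2",
    "qemu-system-x86_64 -name lab -vnc :3,password=on",
    "qemu-system-x86_64 -name sock -vnc unix:/run/vm.sock",
    "qemu-system-x86_64 -name headless -vnc none",
]

# QEMU -vnc options that require the client to authenticate.
AUTH_OPTS = ("password", "password-secret", "sasl")


def audit_vnc(cmdline):
    """Return a finding dict for one QEMU command line, or None if no TCP VNC."""
    args = cmdline.split()
    if "-vnc" not in args or args.index("-vnc") + 1 >= len(args):
        return None
    spec, *opts = args[args.index("-vnc") + 1].split(",")
    if spec == "none" or spec.startswith("unix:"):
        return None  # no TCP listener to audit
    host, _, display = spec.rpartition(":")
    host = host.strip("[]")  # IPv6 literals are written as [addr]:display
    try:
        # An empty host means QEMU listens on every interface.
        loopback = bool(host) and ipaddress.ip_address(host).is_loopback
    except ValueError:
        loopback = host == "localhost"
    authed = any(o.split("=")[0] in AUTH_OPTS and not o.endswith("=off")
                 for o in opts)
    return {
        "port": 5900 + int(display),  # VNC display N listens on TCP 5900+N
        "bind": host or "*",
        "remote_reachable": not loopback,
        "auth": authed,
        "exposed": not loopback and not authed,
    }


def exposed_consoles(cmdlines):
    """Ports of VNC consoles reachable from the network without authentication."""
    findings = (audit_vnc(c) for c in cmdlines)
    return [f["port"] for f in findings if f and f["exposed"]]


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(audit_vnc(line))
```

On a live host the same functions can be fed from `/proc/<pid>/cmdline`, with the NUL separators replaced by spaces.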

emanresu
New here
Posts: 5
Joined: Mon Jan 14, 2019 5:17 pm

Re: guest user running avahi.deamon !?!?!?!?

Post by emanresu » Tue Jun 11, 2019 9:41 pm

if you don't open ports and disable upnp, will the security be better?

Don
Guru
Posts: 11959
Joined: Thu Jan 03, 2008 4:56 am
Location: Long Island, New York

Re: guest user running avahi.deamon !?!?!?!?

Post by Don » Tue Jun 11, 2019 10:18 pm

emanresu wrote:
Tue Jun 11, 2019 9:41 pm
if you don't open ports and disable upnp, will the security be better?
The threat vectors will be less and the ability to exploit existing vulnerabilities from outside is eliminated.
Read the Online Manuals and use the forum search feature before posting.

It is recommended to use RAID and have external backups. RAID will protect you from disk failure, keep your system running, and data accessible while the disk is replaced and the RAID rebuilt. Backups will allow you to recover data that is lost or corrupted, or from system failure. One does not replace the other.

Submit bugs and feature requests to QNAP via their Helpdesk app.

NAS: TVS-882BR | F/W: 4.3.6.0895 | 40GB | 2 x M.2 SATA RAID 1 (System/VMs) | 4 x M.2 NVMe QM2-4P-384A RAID 5 (Cache) | 5 x 4TB HDD RAID 6 (Data) | 1 x Blu-ray
NAS: TVS-663 | F/W: 4.3.6.0993 | 16GB | 2 x M.2 NVMe QM2-2P RAID 1 (Cache) | 4 x 4TB RAID 5
Apps: Boinc, Squid, DNSMasq, PLEX, iDrive, QVPN, QLMS, MP3fs, HBS, Entware, DLstation, +others
