Synology-SA-17:18 Samba

Publish Time: 2017-05-25 00:00:00 UTC+8

Last Updated: 2017-05-25 14:46:00 UTC+8

Severity: Important

Status: Resolved

Abstract

CVE-2017-7494 allows remote authenticated users to upload a shared library to a writable shared folder, and perform code execution attacks to take control of servers that host vulnerable Samba services.

Severity

Important

Affected

Products
- DSM 6.1
- DSM 6.0
- DSM 5.2
- DSM 5.1
- DSM 5.0
- DSM 4.3
- DSM 4.2
- DSM 4.1
- SRM 1.1
Models
- All Synology models

Description

Samba 3.x after 3.5.0 and 4.x before 4.4.14, 4.5.x before 4.5.10, and 4.6.x before 4.6.4 does not restrict the file path when using Windows named pipes, which allows remote authenticated users to upload a shared library to a writable shared folder, and execute arbitrary code via a crafted named pipe.

Update Availability

Synology has released the updates for affected products:

DSM 6.1 update (6.1.1-15101-04)
DSM 6.0 update (6.0.3-8754-1)
DSM 5.2 update (5.2-5967-3)
For DSM 5.1 / 5.0 / 4.3 users, please update to DSM 5.2 (5.2-5967-3).
DSM 4.2 update (4.2-3259)
For DSM 4.1 users, please update to DSM 4.2 (4.2-3259).
SRM 1.1 update (1.1.4-6509-1)

Mitigation

For an immediate workaround, please contact us at security@synology.com.

References

https://www.samba.org/samba/security/CVE-2017-7494.html

https://access.redhat.com/security/cve/CVE-2017-7494

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7494