Synology-SA-17:57 Samba

Publish Time: 2017-09-25 15:10:08 UTC+8

Last Updated: 2019-12-24 18:00:58 UTC+8

Severity: Moderate
Status: Resolved

Abstract

Multiple security vulnerabilities have been found in Samba. CVE-2017-12163 allows man-in-the-middle attackers to retrieve sensitive information from a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).

Affected

  • Products
    • DSM 6.1
    • DSM 6.0
    • DSM 5.2
    • SRM 1.1
  • Models
    • All Synology models

Description

  • CVE-2017-12150
    It was found that samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text.
  • CVE-2017-12151
    A flaw was found in the way samba client used encryption with the max protocol set as SMB3. The connection could lose the requirement for signing and encrypting to any DFS redirects, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
  • CVE-2017-12163
    An information leak flaw was found in the way SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.

Mitigation

For DSM 6.1

  1. Go to Control Panel > File Service > SMB > Advanced Settings, and set Minimum SMB protocol as SMB2.

For DSM 6.0

  1. Go to Control Panel > Applications > Terminal & SNMP, and tick Enable SSH service.
  2. Log in to DSM via SSH as "admin" and execute the following command:
    sudo /usr/bin/sed -i '/min protocol/d' /etc/samba/smb.conf && sudo sh -c "echo 'min protocol=SMB2' >> /etc/samba/smb.conf" && sudo /sbin/restart smbd

For DSM 5.2

  1. Go to Control Panel > Applications > Terminal & SNMP and tick Enable SSH service.
  2. Log in to DSM via SSH as "root" and execute the following command:
    /bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd

For SRM 1.1

  1. Go to Control Panel > Services > System Services and tick Enable SSH service.
  2. Log in to SRM via SSH as "root" and execute the following command:
    /bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd
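The steps above all come down to the same change: remove any existing "min protocol" line from the Samba configuration and set it to SMB2 under [global], so the server stops accepting SMB1 sessions (the protocol CVE-2017-12163 targets). The following POSIX shell helper is an added example, not Synology's script and not part of this advisory: it audits a smb.conf for that setting and applies the same hardening, using awk instead of GNU sed so it also runs on non-GNU systems. The function names, the sample configuration and the temporary-file handling are assumptions; on a real unit you would point it at the smb.conf path given above for your DSM version and restart smbd afterwards as the advisory instructs.

```shell
#!/bin/sh
# Hypothetical helper (not Synology's): audit and harden the "min protocol"
# setting in a Samba smb.conf, mirroring the advisory's mitigation.

# Print the value of "min protocol" found in the [global] section (empty if unset).
# Only the "min protocol" key used by the advisory is inspected; "server min protocol"
# and "client min protocol" are deliberately left alone.
smb_min_protocol() {
    awk '
        /^[[:space:]]*\[/ { in_global = ($0 ~ /^[[:space:]]*\[global\][[:space:]]*$/) }
        in_global && tolower($0) ~ /^[[:space:]]*min[[:space:]]+protocol[[:space:]]*=/ {
            sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); val = $0
        }
        END { print val }
    ' "$1"
}

# Return 0 when SMB1 is disabled, i.e. the minimum protocol is SMB2 or newer.
# An unset value is treated as "not hardened": the check relies only on an explicit setting.
smb1_disabled() {
    val=$(smb_min_protocol "$1" | tr '[:lower:]' '[:upper:]')
    case "$val" in
        SMB2|SMB2_02|SMB2_10|SMB2_22|SMB2_24|SMB3|SMB3_00|SMB3_02|SMB3_10|SMB3_11) return 0 ;;
        *) return 1 ;;
    esac
}

# Drop every existing "min protocol" line and insert "min protocol=SMB2" right after
# [global], the same edit the advisory performs with sed. Writes via a temp file so a
# failed awk run never truncates the live configuration.
set_min_protocol_smb2() {
    conf="$1"
    tmp="$conf.tmp.$$"
    awk '
        tolower($0) ~ /^[[:space:]]*min[[:space:]]+protocol[[:space:]]*=/ { next }
        { print }
        /^[[:space:]]*\[global\][[:space:]]*$/ { print "min protocol=SMB2" }
    ' "$conf" > "$tmp" && mv "$tmp" "$conf"
}

# Demo on a constructed smb.conf (not taken from a real DSM unit); prints
# "<before> <before-hardened?> <after> <after-hardened?>".
demo() {
    conf=$(mktemp) || return 1
    cat > "$conf" <<'EOF'
[global]
    workgroup = WORKGROUP
    min protocol = NT1
[homes]
    browseable = no
EOF
    before=$(smb_min_protocol "$conf")
    smb1_disabled "$conf" && before_ok=yes || before_ok=no
    set_min_protocol_smb2 "$conf"
    after=$(smb_min_protocol "$conf")
    smb1_disabled "$conf" && after_ok=yes || after_ok=no
    rm -f "$conf"
    printf '%s %s %s %s\n' "$before" "$before_ok" "$after" "$after_ok"
}

demo
```

Running `smb1_disabled /path/to/smb.conf` after applying the mitigation gives a quick pass/fail you can script across several units; note that a DSM update may rewrite smb.conf, so the audit is worth repeating after upgrades.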

Update Availability

To fix the security issue, please update DSM 5.2 to 6.1.4-15217 or above, DSM 6.0 to 6.1.4-15217 or above, and DSM 6.1 to 6.1.4-15217 or above.

Reference