Synology-SA-17:18 Samba
Publish Time: 2017-05-25 00:00:00 UTC+8
Last Updated: 2017-05-25 14:46:00 UTC+8
Severity: Important
Status: Resolved
Abstract
CVE-2017-7494 allows a remote client with write access to a Samba share to upload a shared library to that share and then make the Samba server load and execute it, giving the attacker code execution inside the smbd process (which runs as root) and so control of the server that hosts the vulnerable Samba service. On a share that permits guest writes no credentials are needed at all.
Severity
Important
Affected
Products
- DSM 6.1
- DSM 6.0
- DSM 5.2
- DSM 5.1
- DSM 5.0
- DSM 4.3
- DSM 4.2
- DSM 4.1
- SRM 1.1
Models
- All Synology models
Description
Samba 3.x from 3.5.0 onwards and 4.x before 4.4.14, 4.5.x before 4.5.10, and 4.6.x before 4.6.4 do not restrict the file path when handling Windows named pipes. A client with write access to a share uploads a shared library to it and then opens a named pipe whose name is that file's server-side path; because smbd hands an unrecognised pipe name to its RPC module loader, which accepts a path and loads it with dlopen(), the attacker's library is loaded into smbd and its initialisation code runs with smbd's privileges.
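As an added illustration of the mechanism described above (example code written for this page, not Samba's own source), the following Python models the decision smbd's RPC layer makes when a client opens a named pipe, before and after the fix. The module directory, the set of built-in pipe names and the share path are constructed sample values.

```python
"""Model of the named-pipe handling behind CVE-2017-7494.

Added example, not Samba code. Before the fix, an unrecognised pipe name
was handed to the RPC module loader, which resolves a name containing '/'
as a literal filesystem path and dlopen()s it. The fix rejects any pipe
name containing a path separator before the loader is consulted.
"""
import os

MODULES_DIR = "/usr/lib/samba"      # assumption: a typical Samba modulesdir
# A few built-in RPC pipes; the real table is much longer.
KNOWN_PIPES = {"srvsvc", "wkssvc", "samr", "lsarpc", "netlogon", "spoolss"}


def module_path(subsystem, name):
    """How the loader maps a module name to the file it would dlopen():
    a name containing '/' is used verbatim, otherwise
    <modulesdir>/<subsystem>/<name>.so."""
    if "/" in name:
        return name
    return os.path.join(MODULES_DIR, subsystem, name + ".so")


def resolve_pipe(pipename, patched):
    """Return what smbd does with an open request for pipe `pipename`:
    ("known", None)   - built-in pipe, no module loading
    ("load", path)    - the loader would dlopen() `path` looking for the pipe
    ("refused", None) - rejected (only in the patched version)."""
    if patched and "/" in pipename:
        # The CVE-2017-7494 fix: pipe names must not contain a path.
        return ("refused", None)
    if pipename in KNOWN_PIPES:
        return ("known", None)
    return ("load", module_path("rpc", pipename))


def sambacry(share_server_path, upload_name, patched):
    """The attack as the advisory describes it: upload a library to a writable
    share, then open a pipe whose name is the library's server-side path.
    Returns the path smbd would load, or None when the server refuses."""
    library = os.path.join(share_server_path, upload_name)   # step 1: upload
    outcome, path = resolve_pipe(library, patched)           # step 2: open pipe
    return path if outcome == "load" else None


if __name__ == "__main__":
    share = "/volume1/public"   # constructed: server-side path of a writable share
    for patched in (False, True):
        loaded = sambacry(share, "evil.so", patched)
        print(f"patched={patched}: {'loads ' + loaded if loaded else 'refused'}")
```

The model is deliberately reduced to the path decision; it shows why the attacker needs only two things, a writable share and knowledge of that share's path on the server's filesystem, and why the one-line path check in the fixed versions closes the hole.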
Update Availability
Synology has released the updates for affected products:
- DSM 6.1 update (6.1.1-15101-04)
- DSM 6.0 update (6.0.3-8754-1)
- DSM 5.2 update (5.2-5967-3)
- For DSM 5.1 / 5.0 / 4.3 users, please update to DSM 5.2 (5.2-5967-3).
- DSM 4.2 update (4.2-3259)
- For DSM 4.1 users, please update to DSM 4.2 (4.2-3259).
- SRM 1.1 update (1.1.4-6509-1)
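To check an installation against the affected Samba versions in the description and the fixed DSM/SRM builds listed above, here is an added Python checker (written for this page, not Synology's code). It parses the Samba version string as printed by `smbd -V` and the key/value layout of DSM's `/etc.defaults/VERSION` file; the field names used there (majorversion, minorversion, buildnumber, smallfixnumber) are an assumption, and the sample file contents are constructed.

```python
"""Version checks for CVE-2017-7494 on Synology devices.

Added example, not Synology code. Affected Samba ranges come from the
advisory description; fixed DSM/SRM builds from its Update Availability list.
"""
import re

# Vulnerable Samba ranges: [3.5.0, 4.4.14), [4.5.0, 4.5.10), [4.6.0, 4.6.4).
SAMBA_VULNERABLE = [((3, 5, 0), (4, 4, 14)),
                    ((4, 5, 0), (4, 5, 10)),
                    ((4, 6, 0), (4, 6, 4))]

# Lines with a fix: "major.minor" -> (buildnumber, smallfixnumber) of the fixed build.
FIXED_BUILDS = {"6.1": (15101, 4), "6.0": (8754, 1), "5.2": (5967, 3),
                "4.2": (3259, 0),
                "1.1": (6509, 1)}   # SRM 1.1; assumed to use the same VERSION layout
# Lines with no fix of their own; the advisory says to move to this line instead.
UPGRADE_TO = {"5.1": "5.2", "5.0": "5.2", "4.3": "5.2", "4.1": "4.2"}

# Constructed sample: a DSM 6.1.1-15101 Update 3 box, one update short of the fix.
SAMPLE_VERSION_FILE = """\
majorversion="6"
minorversion="1"
productversion="6.1.1"
buildphase="hotfix"
buildnumber="15101"
smallfixnumber="3"
"""


def parse_samba_version(text):
    """'Version 4.4.9-Ubuntu' (output of smbd -V) -> (4, 4, 9)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(x) for x in m.groups())


def samba_vulnerable(version):
    """True when the upstream version falls inside an affected range."""
    return any(lo <= version < hi for lo, hi in SAMBA_VULNERABLE)


def parse_dsm_version_file(text):
    """Parse key="value" lines of /etc.defaults/VERSION (layout assumed).
    Returns (line, buildnumber, smallfixnumber), e.g. ('6.1', 15101, 3)."""
    kv = {}
    for raw in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*"?([^"]*?)"?\s*$', raw)
        if m:
            kv[m.group(1)] = m.group(2)
    line = f"{kv['majorversion']}.{kv['minorversion']}"
    build = int(kv["buildnumber"])
    smallfix = int(kv.get("smallfixnumber") or 0)
    return line, build, smallfix


def dsm_status(line, build, smallfix):
    """('fixed' | 'vulnerable' | 'unlisted', advice) for a DSM/SRM build."""
    if line in FIXED_BUILDS:
        fixed_build, fixed_fix = FIXED_BUILDS[line]
        if (build, smallfix) >= (fixed_build, fixed_fix):
            return "fixed", ""
        return "vulnerable", f"update {line} to build {fixed_build}-{fixed_fix}"
    if line in UPGRADE_TO:
        return "vulnerable", f"no fix for {line}; upgrade to {UPGRADE_TO[line]}"
    return "unlisted", "line not covered by this advisory"


if __name__ == "__main__":
    line, build, fix = parse_dsm_version_file(SAMPLE_VERSION_FILE)
    print(f"DSM {line} build {build}-{fix}:", dsm_status(line, build, fix))
    for banner in ("Version 4.4.9-Ubuntu", "Version 4.6.4"):
        v = parse_samba_version(banner)
        print(banner, "->", "vulnerable" if samba_vulnerable(v) else "not in affected range")
```

The Samba version check is only indicative: distributions and vendors, Synology included, backport fixes without changing the upstream version number, so on a Synology device the DSM build comparison is the check that matters. A build number above the fixed one on the same line (for example a later 6.1.x release) is reported as fixed, which is what the advisory's "update to" wording implies.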
Mitigation
For an immediate workaround, please contact us at security@synology.com. The upstream Samba advisory (see References) offers `nt pipe support = no` in the [global] section of smb.conf as a workaround that stops clients from opening named pipes at all; note that this also disables some expected functionality for Windows clients, and that DSM generates its own smb.conf, so a manual change there may not persist. Installing the updates above is the recommended fix.
References
https://www.samba.org/samba/security/CVE-2017-7494.html