Synology-SA-17:18 Samba

Publish Time: 2017-05-25 00:00:00 UTC+8

Last Updated: 2017-05-25 14:46:00 UTC+8

Severity
Important
Status
Resolved

Abstract

CVE-2017-7494 allows remote authenticated users to upload a shared library to a writable shared folder, and perform code execution attacks to take control of servers that host vulnerable Samba services.

Severity

Important

Affected

  • Products

    • DSM 6.1
    • DSM 6.0
    • DSM 5.2
    • DSM 5.1
    • DSM 5.0
    • DSM 4.3
    • DSM 4.2
    • DSM 4.1
    • SRM 1.1
  • Models

    • All Synology models

Description

Samba 3.x after 3.5.0 and 4.x before 4.4.14, 4.5.x before 4.5.10, and 4.6.x before 4.6.4 does not restrict the file path when using Windows named pipes, which allows remote authenticated users to upload a shared library to a writable shared folder, and execute arbitrary code via a crafted named pipe.

Update Availability

Synology has released the updates for affected products:

  • DSM 6.1 update (6.1.1-15101-04)
  • DSM 6.0 update (6.0.3-8754-1)
  • DSM 5.2 update (5.2-5967-3)
  • For DSM 5.1 / 5.0 / 4.3 users, please update to DSM 5.2 (5.2-5967-3).
  • DSM 4.2 update (4.2-3259)
  • For DSM 4.1 users, please update to DSM 4.2 (4.2-3259).
  • SRM 1.1 update (1.1.4-6509-1)

Mitigation

For an immediate workaround, please contact us at security@synology.com.

References

https://www.samba.org/samba/security/CVE-2017-7494.html

https://access.redhat.com/security/cve/CVE-2017-7494

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7494