Synology-SA-17:57 Samba
Publish Time: 2017-09-25 15:10:08 UTC+8
Last Updated: 2019-12-24 18:00:58 UTC+8
- Severity
- Moderate
- Status
- Resolved
Abstract
Multiple security vulnerabilities have been found in Samba. CVE-2017-12163 allows man-in-the-middle attackers to retrieve sensitive information from a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).
Severity
- CVE-2017-12150
- Impact: Not affected
- CVE-2017-12151
- Impact: Not affected
- CVE-2017-12163
- Impact: Moderate
- CVSS3 Base Score: 4.1
- CVSS3 Base Metrics: CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Affected
- Products
- DSM 6.1
- DSM 6.0
- DSM 5.2
- SRM 1.1
- Models
- All Synology models
Description
- CVE-2017-12150
It was found that Samba did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain text.
- CVE-2017-12151
A flaw was found in the way the Samba client used encryption with the max protocol set to SMB3. The connection could lose the requirement for signing and encrypting on any DFS redirect, allowing an attacker to read or alter the contents of the connection via a man-in-the-middle attack.
- CVE-2017-12163
An information leak flaw was found in the way the SMB1 protocol was implemented by Samba. A malicious client could use this flaw to dump server memory contents to a file on the Samba share or to a shared printer, though the exact area of server memory cannot be controlled by the attacker.
Mitigation
For DSM 6.1
- Go to Control Panel > File Service > SMB > Advanced Settings, and set Minimum SMB protocol as SMB2.
For DSM 6.0
- Go to Control Panel > Applications > Terminal & SNMP, and tick Enable SSH service.
- Log in to DSM via SSH as "admin" and execute the following command:
sudo /usr/bin/sed -i '/min protocol/d' /etc/samba/smb.conf && sudo sh -c "echo 'min protocol=SMB2' >> /etc/samba/smb.conf" && sudo /sbin/restart smbd
For DSM 5.2
- Go to Control Panel > Applications > Terminal & SNMP and tick Enable SSH service.
- Log in to DSM via SSH as "root" and execute the following command:
/bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd
For SRM 1.1
- Go to Control Panel > Services > System Services and tick Enable SSH service.
- Log in to SRM via SSH as "root" and execute the following command:
/bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd
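The DSM 5.2 and SRM 1.1 one-liners above delete any existing "min protocol" line and insert "min protocol=SMB2" under [global], then restart smbd. The script below is an added example, not Synology's own tooling: it performs the same edit as two reusable shell functions, one that applies the setting idempotently (via awk and a temp file, so it behaves identically on GNU and BSD userlands, and with a case-insensitive match so a line such as "Min Protocol = NT1" is also replaced) and one that reads back the effective [global] value so the change can be verified before smbd is restarted. The config file path is a parameter and the sample smb.conf is constructed for the demonstration; the restart step is left to the advisory's command.

```shell
#!/bin/sh
# Added example (not Synology's script): enforce "min protocol=SMB2" in an smb.conf
# the way the advisory's sed one-liners do, with a read-back check. The sample
# config below is constructed; the file path is whatever the caller passes in.
set -eu

# set_min_protocol FILE
# Drop every line that sets "min protocol" (case-insensitive, like the advisory's
# broad /min protocol/ match but also catching "Min Protocol") and insert
# "min protocol=SMB2" directly after the [global] header. Idempotent: running it
# twice leaves exactly one setting line.
set_min_protocol() {
    f="$1"
    awk 'tolower($0) ~ /min[[:space:]]*protocol/ { next }
         { print }
         /^[[:space:]]*\[global\][[:space:]]*$/ { print "min protocol=SMB2" }' "$f" > "$f.tmp"
    mv "$f.tmp" "$f"
}

# min_protocol_value FILE
# Print the value of the last "min protocol" line inside [global], or "unset".
# Samba ignores whitespace around "=" and parameter-name case, so the match does too.
min_protocol_value() {
    awk 'BEGIN { v = "unset"; in_global = 0 }
         /^[[:space:]]*\[/ { in_global = ($0 ~ /^[[:space:]]*\[global\]/) }
         in_global && tolower($0) ~ /^[[:space:]]*min[[:space:]]*protocol[[:space:]]*=/ {
             sub(/^[^=]*=[[:space:]]*/, ""); sub(/[[:space:]]+$/, ""); v = $0
         }
         END { print v }' "$1"
}

# Constructed sample smb.conf with the weak setting (NT1 = SMB1) that the fix replaces.
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
[global]
    workgroup = WORKGROUP
    min protocol = NT1

[homes]
    browseable = no
EOF

echo "before: min protocol = $(min_protocol_value "$SAMPLE_CONF")"   # NT1
set_min_protocol "$SAMPLE_CONF"
echo "after:  min protocol = $(min_protocol_value "$SAMPLE_CONF")"   # SMB2
# On a live system, restart smbd afterwards as the advisory's command does.
```

Run it against a copy of the real file first (e.g. `set_min_protocol /path/to/smb.conf.copy`) and confirm `min_protocol_value` prints SMB2 before applying the change to the live configuration and restarting smbd.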
Update Availability
To fix the security issue, please update DSM 5.2 to 6.1.4-15217 or above, DSM 6.0 to 6.1.4-15217 or above and DSM 6.1 to 6.1.4-15217 or above.
Reference
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12150
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12151
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12163
- https://access.redhat.com/security/cve/cve-2017-12150
- https://access.redhat.com/security/cve/cve-2017-12151
- https://access.redhat.com/security/cve/cve-2017-12163
- https://www.samba.org/samba/security/CVE-2017-12150.html
- https://www.samba.org/samba/security/CVE-2017-12151.html
- https://www.samba.org/samba/security/CVE-2017-12163.html