Synology-SA-17:72 Samba

Abstract

Multiple security vulnerabilities have been found in Samba which allows remote attackers to launch a denial-of-service attack, retrieve sensitive information or possibly execute arbitrary codes from a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).

Severity

• CVE-2017-14746
  • Impact: Important
  • CVSS3 Base Score: 8.8
  • CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
• CVE-2017-15275
  • Impact: Moderate
  • CVSS3 Base Score: 5.3
  • CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected

• Products
  • DSM 6.1
  • DSM 6.0
  • DSM 5.2
  • SRM 1.1
• Models
  • All Synology models

Description

• CVE-2017-14746
  All versions of Samba from 4.0.0 onwards are vulnerable to a use after free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.
• CVE-2017-15275
  All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.

Mitigation

For DSM 6.1

1. Go to Control Panel > File Service > SMB > Advanced Settings, and set Minimum SMB protocol as SMB2.

For DSM 6.0

1. Go to Control Panel > Applications > Terminal & SNMP, and tick Enable SSH service.
2. Log in to DSM via SSH as "admin" and execute the following command:
   sudo /usr/bin/sed -i '/min protocol/d' /etc/samba/smb.conf && sudo sh -c "echo 'min protocol=SMB2' >> /etc/samba/smb.conf" && sudo /sbin/restart smbd

For DSM 5.2

1. Go to Contol Panel > Applications > Terminal & SNMP and tick Enable SSH service.
2. Log in to DSM via SSH as "root" and execute the following command:
   /bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd

For SRM 1.1

1. Go to Control Panel > Services > System Services and tick Enable SSH service.
2. Log in to SRM via SSH as "root" and execute the following command:
   /bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.4-15217-2 or above.

For DSM 5.2 and DSM 6.0 users, please update DSM to 6.1.4-15217-2 or above.

Reference

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14746
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15275
• https://www.samba.org/samba/security/CVE-2017-14746.html
• https://www.samba.org/samba/security/CVE-2017-15275.html