Synology-SA-17:72 Samba
Publish Time: 2017-11-21 19:17:51 UTC+8
Last Updated: 2018-01-12 11:23:01 UTC+8
- Severity
- Important
- Status
- Resolved
Abstract
Multiple security vulnerabilities have been found in Samba that allow remote attackers to launch a denial-of-service attack, retrieve sensitive information or possibly execute arbitrary code on a vulnerable version of Synology DiskStation Manager (DSM) or Synology Router Manager (SRM).
Severity
- CVE-2017-14746
- Impact: Important
- CVSS3 Base Score: 8.8
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- CVE-2017-15275
- Impact: Moderate
- CVSS3 Base Score: 5.3
- CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected
- Products
- DSM 6.1
- DSM 6.0
- DSM 5.2
- SRM 1.1
- Models
- All Synology models
Description
- CVE-2017-14746
All versions of Samba from 4.0.0 onwards are vulnerable to a use-after-free vulnerability, where a malicious SMB1 request can be used to control the contents of heap memory via a deallocated heap pointer. It is possible this may be used to compromise the SMB server.
- CVE-2017-15275
All versions of Samba from 3.6.0 onwards are vulnerable to a heap memory information leak, where server allocated heap memory may be returned to the client without being cleared.
Mitigation
Until the update below is installed, raise the minimum SMB dialect that smbd will negotiate to SMB2. This blocks the SMB1 request path described for CVE-2017-14746; it also refuses any client that can only speak SMB1, and it is a stopgap rather than a replacement for the update.
For DSM 6.1
- Go to Control Panel > File Service > SMB > Advanced Settings, and set Minimum SMB protocol as SMB2.
For DSM 6.0
- Go to Control Panel > Applications > Terminal & SNMP, and tick Enable SSH service.
- Log in to DSM via SSH as "admin" and execute the following command:
sudo /usr/bin/sed -i '/min protocol/d' /etc/samba/smb.conf && sudo sh -c "echo 'min protocol=SMB2' >> /etc/samba/smb.conf" && sudo /sbin/restart smbd
For DSM 5.2
- Go to Control Panel > Applications > Terminal & SNMP and tick Enable SSH service.
- Log in to DSM via SSH as "root" and execute the following command:
/bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd
For SRM 1.1
- Go to Control Panel > Services > System Services and tick Enable SSH service.
- Log in to SRM via SSH as "root" and execute the following command:
/bin/sed -i '/min protocol/d' /usr/syno/etc/smb.conf && /bin/sed -i "/\[global\]/a min protocol=SMB2" /usr/syno/etc/smb.conf && /sbin/restart smbd
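The one-liners above edit smb.conf in place and give no way to confirm, from the network, that smbd actually stopped negotiating SMB1. The script below is an added example, not Synology's or Samba's code. It does the same edit section-aware (the new `min protocol = SMB2` line goes directly under `[global]`, wherever `[global]` sits in the file, and only the server-side keys `min protocol` and `server min protocol` are removed, so a `client min protocol` line survives), and it then sends an SMB1 NEGOTIATE that offers only the `NT LM 0.12` dialect and classifies the reply: smbd answers a negotiation it will not serve with DialectIndex 0xFFFF, or simply drops the connection, while an accepted SMB1 negotiation returns the index of the chosen dialect. The smb.conf text is constructed for the example, and `probe_smb1` is the only function that touches the network.

```python
"""Added example (not Synology's or Samba's code): put the SMB2 minimum into
[global] of an smb.conf and check from the network that SMB1 is refused.
The sample smb.conf at the bottom is constructed for the example."""
import re
import socket
import struct

SECTION_RE = re.compile(r"^\s*\[(.+?)\]\s*$")
# Samba ignores case and whitespace in parameter names; these two are the
# server-side minimum.  'client min protocol' is a different parameter.
MIN_PROTO_KEYS = {"minprotocol", "serverminprotocol"}
SMB1_NEGOTIATE = 0x72
# Protocol, Command, Status, Flags, Flags2, PIDHigh, SecurityFeatures, Reserved, TID, PIDLow, UID, MID
SMB1_HDR = "<4sB4sBHH8sHHHHH"

def _key(line):
    """Normalised parameter name of a 'name = value' line, or None."""
    if "=" not in line or line.lstrip().startswith((";", "#")):
        return None
    return re.sub(r"\s+", "", line.split("=", 1)[0]).lower()

def set_min_protocol(conf_text, value="SMB2"):
    """Drop old server-side min protocol lines; add the new one under [global]."""
    out, inserted = [], False
    for line in conf_text.splitlines():
        if _key(line) in MIN_PROTO_KEYS:
            continue
        out.append(line)
        m = SECTION_RE.match(line)
        if m and m.group(1).strip().lower() == "global" and not inserted:
            out.append(f"\tmin protocol = {value}")
            inserted = True
    if not inserted:                        # no [global] header at all
        out = ["[global]", f"\tmin protocol = {value}"] + out
    return "\n".join(out) + "\n"

def effective_min_protocol(conf_text):
    """Value of the server-side minimum as set in [global], else None."""
    section, found = None, None
    for line in conf_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).strip().lower()
        elif section == "global" and _key(line) in MIN_PROTO_KEYS:
            found = line.split("=", 1)[1].strip()   # last one wins
    return found

def build_smb1_negotiate(dialects=("NT LM 0.12",)):
    """SMB1 NEGOTIATE in a NetBIOS session frame; with only NT LM 0.12
    offered the server must either serve SMB1 or refuse."""
    header = struct.pack(SMB1_HDR, b"\xffSMB", SMB1_NEGOTIATE, b"\0" * 4,
                         0x18, 0xC001,    # Flags, Flags2 (UNICODE|NT_STATUS|LONG_NAMES)
                         0, b"\0" * 8, 0, 0, 0xFEFF, 0, 1)
    body = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    smb = header + struct.pack("<BH", 0, len(body)) + body  # WordCount, ByteCount
    return struct.pack(">I", len(smb)) + smb  # NetBIOS: type 0x00 + 24-bit length

def classify_negotiate_response(frame):
    """Interpret the SMB payload of the reply (NetBIOS header stripped)."""
    if not frame:
        return "closed"          # connection dropped: SMB1 is not being served
    if frame[:4] == b"\xfeSMB":
        return "smb2"            # only possible if an SMB2 dialect was offered
    if frame[:4] != b"\xffSMB" or len(frame) < 35 or frame[4] != SMB1_NEGOTIATE:
        return "unknown"
    dialect_index = struct.unpack_from("<H", frame, 33)[0]  # word after WordCount
    return "smb1-refused" if dialect_index == 0xFFFF else "smb1-accepted"

def probe_smb1(host, port=445, timeout=5.0):
    """Send an SMB1-only negotiation to host and classify what comes back."""
    def read(sock, n):                       # exact-length read, short on EOF
        buf = b""
        while len(buf) < n:
            chunk = sock.recv(n - len(buf))
            if not chunk:
                break
            buf += chunk
        return buf
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_smb1_negotiate())
            hdr = read(s, 4)
            frame = read(s, struct.unpack(">I", hdr)[0] & 0xFFFFFF) if len(hdr) == 4 else b""
            return classify_negotiate_response(frame)
    except ConnectionResetError:
        return "closed"
    except socket.timeout:
        return "no-reply"

# Constructed smb.conf with the weak SMB1 minimum still set.
SAMPLE_SMB_CONF = """[global]
\tworkgroup = WORKGROUP
\tmin protocol = NT1
\tclient min protocol = NT1

[homes]
\tbrowseable = no
"""
```

Typical use is `set_min_protocol(open(path).read())` written back to the file, a restart of smbd as in the steps above, then `probe_smb1("nas.example")` (hostname assumed) from another machine: `smb1-refused` or `closed` means the workaround is in effect, `smb1-accepted` means smbd is still negotiating SMB1, usually because the line did not end up in `[global]` or smbd was not restarted. Note that the sed pattern `/min protocol/d` in the one-liners also matches a `client min protocol` line, which the script leaves alone.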
Update Availability
To fix the security issue, please update DSM 6.1 to 6.1.4-15217-2 or above.
For DSM 5.2 and DSM 6.0 users, please update DSM to 6.1.4-15217-2 or above.
Reference