ReadyNAS 524X vulnerability?

DNMMM · ‎2022-05-03

I get Nessus reports of one detected vulnerability in a ReadyNAS 524X with firmware 6.10.7.

Vulnerability Desc:

The version of Samba running on the remote host is 4.13.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities: - Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142) - Information leak via symlinks of existence of files or directories outside of the exported share. (CVE-2021-44141) - Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Vendor Fix:

Upgrade to Samba version 4.13.17, 4.14.12, or 4.15.5 or later.

Anyone know if/when this will be fixed?

JeraldM · ‎2022-05-04

Hi @DNMMM,

Thanks for the ping @StephenB!

Upon inquiry, please see the following for each vulnerability:

CVE-2021-44142: Fruit is not enabled by default.
CVE-2021-44141: We don't use symlinks.
CVE-2022-0336 is for Samba AD: we don't use Samba AD.

Regards,

JeraldM

NETGEAR Community Team

View solution in original post

StephenB · ‎2022-05-04

FYI, I see a very old version on 6.10.7

root@NAS:~# smbstatus --version
Version 4.8.0

But Netgear might be backporting security fixes. Tagging the mods, so they can follow up: @Mark_V and @JeraldM

JeraldM · ‎2022-05-04

Hi @DNMMM,

Thanks for the ping @StephenB!

Upon inquiry, please see the following for each vulnerability:

CVE-2021-44142: Fruit is not enabled by default.
CVE-2021-44141: We don't use symlinks.
CVE-2022-0336 is for Samba AD: we don't use Samba AD.

Regards,

JeraldM

NETGEAR Community Team

ReadyNAS 524X vulnerability?

ReadyNAS 524X vulnerability?

Re: ReadyNAS 524X vulnerability?

Re: ReadyNAS 524X vulnerability?

Re: ReadyNAS 524X vulnerability?