ReadyNAS 524X vulnerability?
2022-05-03
11:56 PM
I get Nessus reports of one detected vulnerability in a ReadyNAS 524X with firmware 6.10.7.
Vulnerability Desc: The version of Samba running on the remote host is 4.13.x prior to 4.13.17, 4.14.x prior to 4.14.12, or 4.15.x prior to 4.15.5. It is, therefore, affected by multiple vulnerabilities:
- Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution. (CVE-2021-44142)
- Information leak via symlinks of existence of files or directories outside of the exported share. (CVE-2021-44141)
- Samba AD users with permission to write to an account can impersonate arbitrary services. (CVE-2022-0336)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Vendor Fix: Upgrade to Samba version 4.13.17, 4.14.12, or 4.15.5 or later.
Anyone know if/when this will be fixed?
Message 1 of 3
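The Nessus text quoted in the post says the finding rests only on the self-reported Samba version. As an added example (not part of the original post and not Netgear or Tenable code), the sketch below repeats that version-range check and also lists which smb.conf sections load the fruit module named in the CVE-2021-44142 item. The version banner format, the sample smb.conf and all function names are assumptions, and the sample values are constructed.

```python
import re

# Fixed release per branch, taken from the Nessus text quoted in the post.
FIXED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

def parse_version(banner):
    """Extract (major, minor, patch) from a string such as 'Version 4.13.4'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError("no Samba version found in %r" % banner)
    return tuple(int(x) for x in m.groups())

def in_reported_range(banner):
    """True/False for the three branches the plugin names, None for any other branch."""
    major, minor, patch = parse_version(banner)
    fixed = FIXED.get((major, minor))
    if fixed is None:
        return None  # branch not covered by the quoted plugin text
    return patch < fixed

def shares_loading_fruit(smb_conf_text):
    """Return the smb.conf sections whose 'vfs objects' line lists the fruit module."""
    section, hits = "global", []  # assumption: lines before any header count as global
    for raw in smb_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, value = line.partition("=")
        # smb.conf parameter names ignore case and internal whitespace
        if sep and re.sub(r"\s+", "", key).lower() in ("vfsobjects", "vfsobject"):
            modules = re.split(r"[\s,]+", value.strip().lower())
            if "fruit" in modules and section not in hits:
                hits.append(section)
    return hits

# Constructed sample input, not taken from a real ReadyNAS.
SAMPLE_BANNER = "Version 4.13.4"  # hypothetical self-reported version
SAMPLE_CONF = """
[global]
   workgroup = WORKGROUP
; vfs objects = fruit
[TimeMachine]
   path = /data/tm
   vfs objects = catia fruit streams_xattr
[media]
   path = /data/media
"""

if __name__ == "__main__":
    print("in reported range:", in_reported_range(SAMPLE_BANNER))
    print("sections loading vfs_fruit:", shares_loading_fruit(SAMPLE_CONF))
```

A `None` result only means the branch is outside the three ranges the quoted plugin text lists; it says nothing about whether that branch is affected.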
Accepted Solutions
2022-05-04
09:34 AM
Message 3 of 3
All Replies
2022-05-04
03:51 AM
2022-05-04
09:34 AM