Author Topic: UPDATED : Investigation of CVE-2017-7494 (SambaCry) On Buffalo NAS and Routers  (Read 724 times)

Eastmarch

  • 1500 Lb Water Buffalo
  • Administrator
  • *****
  • Posts: 253
Possible issue :

Description from https://www.samba.org/samba/security/CVE-2017-7494.html

All versions of Samba from 3.5.0 onwards are vulnerable to a remote
code execution vulnerability, allowing a malicious client to upload a
shared library to a writable share, and then cause the server to load
and execute it.

Affected Products :

TERASTATION:
TS5010 - Resolved by firmware 3.20 released 6/19/2017 (Only Windows updater available at this time)
TS3010 - Resolved by firmware 3.20 released 6/19/2017 (Only Windows updater available at this time)
TS7000 - Resolved by firmware 2.61 released 6/20/2017
TS5000 - Resolved by firmware 3.52 released 6/27/2017
TS5200DS
TS3000 - Resolved by firmware 1.82 released 6/20/2017
TS1000 - Resolved by firmware 1.60 released 7/10/2017
TS-X - Resolved by firmware 1.71 released 7/3/2017
TS-V - Resolved by firmware 1.30 released 7/12/2017

LINKSTATION:
LS400 - Resolved by firmware 1.83 released 6/27/2017
LS200 - Resolved by firmware 1.66 released 6/27/2017
LS-X - Resolved by firmware 1.73 released 7/3/2017
LS-V - Resolved by firmware 1.73 released 7/3/2017

Recommendation :

We will release firmware that will resolve this issue as soon as possible. As a precaution in the meantime, be certain that write access to Samba shares are granted only to trusted users.
« Last Edit: July 12, 2017, 08:50:32 am by Eastmarch »
**A single copy of data, even on a RAID array, is NOT a backup! Hard drive failure is not a question of IF, but WHEN! Don't take my word for it, take Google's!**