Author Topic: Samba-Vulnerability(CVE-2017-14746, CVE-2017-15275)

Texturtle

Samba-Vulnerability(CVE-2017-14746, CVE-2017-15275)
« on: December 12, 2017, 10:49:47 AM »
Description
The following vulnerabilities exist in Samba used in our NAS products and wireless routers.

CVE-2017-14746
It is possible that SMB can become unusable due to a malicious SMB1 request.
Depending on the product, a restart may be necessary.

CVE-2017-15275
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.
There is currently no known exploit associated with this vulnerability. Currently shipping units will be updated during normal update cycles.

Products Affected by CVE-2017-14746

TeraStation 3010 and 5010 Series - fixed by firmware 4.00
LS500 Series - fixed by firmware 4.31


Products Affected by CVE-2017-15275

TeraStation
TS5010/TS3010 Series - fixed by firmware 4.00
TS7000 Series - fixed by firmware 2.62
TS5000 Series - fixed by firmware 3.61
TS5200DS Series - fixed by firmware 3.61
TS3000 Series - fixed by firmware 1.84
TS1000 Series - fixed by firmware 1.63
TS-X Series - fixed by firmware 1.72
TS-V Series - fixed by firmware 1.31

LinkStation
LS500 Series - fixed by firmware 4.31
LS400 Series - fixed by firmware 1.84
LS200 Series - fixed by firmware 1.67
LS-X Series - fixed by firmware 1.74
LS-V Series - fixed by firmware 1.74
LS-WSXL Series - fixed by firmware 1.74

AirStation (If using NAS/file sharing capabilities)

WXR-1900DHPD
WZR-1750DHPD
WZR-600DHP2D
WHR-300HP2D
WZR-300HP
WZR-HP-AG300H
WZR-HP-G300NH2
WZR-HP-G450H
WZR-450HP2D

Buffalo will update this public release with information about affected products as our investigation continues.

Workarounds
We will release updated firmware to correct the vulnerabilities.
Buffalo strongly recommends that you download the latest firmware as soon as possible after fixed firmware is available.

Contact
For inquiries regarding this matter, please contact us.
« Last Edit: April 01, 2019, 12:34:58 PM by Eastmarch »