Author Topic: Samba-Vulnerability(CVE-2017-14746, CVE-2017-15275)  (Read 168 times)

Texturtle

  • Administrator
  • *****
  • Posts: 566
  • RAID is NOT a substitute for a good backup
Samba-Vulnerability(CVE-2017-14746, CVE-2017-15275)
« on: December 12, 2017, 10:49:47 am »
Description
The following vulnerabilities exist in Samba used in our NAS products and wireless routers.

CVE-2017-14746
   It is possible that SMB can become unusable due to a malicious SMB1 request.
        Depending on the product, a restart may be necessary.

CVE-2017-15275
Samba before 4.7.3 might allow remote attackers to obtain sensitive information by leveraging failure of the server to clear allocated heap memory.

Products Affected by CVE-2017-14746

TeraStation 3010 and 5010 Series
LS500 Series


Products Affected by CVE-2017-15275

TeraStation
TS5010/TS3010 Series
TS7000 Series - fixed by firmware 2.62
TS5000 Series - fixed by firmware 3.61
TS5200DS Series
TS3000 Series - fixed by firmware 1.84
TS1000 Series
TS-X Series
TS-V Series

LinkStation
LS500 Series
LS400 Series
LS200 Series
LS-X Series
LS-V Series
LS-WSXL Series

AirStation (If using NAS/file sharing capabilities)

WXR-1900DHPD
WZR-1750DHPD
WZR-600DHP2D
WHR-300HP2D
WZR-300HP
WZR-HP-AG300H
WZR-HP-G300NH2
WZR-HP-G450H
WZR-450HP2D

Buffalo will update this public release with information about affected products as our investigation continues.

Workarounds
We will release updated firmware to correct the vulnerabilities.
Buffalo strongly recommends that you download the latest firmware as soon as possible after fixed firmware is available.

Contact
For inquiries regarding this matter, please contact us.
« Last Edit: Today at 10:57:13 am by Texturtle »