Important Information Regarding Samba Vulnerability (CVE-2017-2619)

Publish Time: 2017-03-24 00:00:00 UTC+8

Last Updated: 2017-03-24 12:00:00 UTC+8

Severity
Low
Status
Resolved

Abstract

CVE-2017-2619 allows remote attackers to read arbitrary files on the vulnerable Samba server in rare situations.


Affected

  • Products
    • DSM 6.1
    • DSM 6.0
    • DSM 5.2
    • SRM 1.1
  • Models
    • All Synology models


Description

A time-of-check, time-of-use race condition in Samba 4.6.x before 4.6.1, 4.5.x before 4.5.7, 4.4.x before 4.4.12 allows clients to access non-exported data of the file system via symlinks.


Mitigation

  1. Go to Control Panel > Applications > Terminal & SNMP and tick Enable SSH service.
  2. Log in to DSM via SSH as “admin” and execute the following command:

    sudo /usr/bin/sed -i '/\[global\]/a \\tunix extensions=no' /etc/samba/smb.conf && /usr/sbin/restart smbd
  3. Do not share a folder via the NFS service if it is already shared via the SMB service.
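To verify that step 2 actually took effect, the following added script (not part of the Synology advisory) parses an smb.conf and reports the effective "unix extensions" value in the [global] section; the two sample configuration files and the function names are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the Synology advisory: check whether an smb.conf
# carries the CVE-2017-2619 mitigation "unix extensions = no" in [global].
# The sample configuration files below are constructed for the demo.

# Print the effective value of "unix extensions" in [global] ("unset" if
# absent). Samba ignores case and whitespace in parameter names, and a later
# assignment of the same parameter overrides an earlier one, so the awk
# normalises both sides and keeps the last value seen inside [global].
smb_unix_extensions() {
    awk '
        /^[[:space:]]*[#;]/ { next }                    # comment line
        /^[[:space:]]*\[/ {                             # [section] header
            sec = $0
            sub(/^[[:space:]]*\[/, "", sec); sub(/\].*$/, "", sec)
            gsub(/[[:space:]]/, "", sec); sec = tolower(sec); next
        }
        sec == "global" && index($0, "=") > 0 {
            key = substr($0, 1, index($0, "=") - 1)
            val = substr($0, index($0, "=") + 1)
            gsub(/[[:space:]]/, "", key)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", val)
            if (tolower(key) == "unixextensions") last = tolower(val)
        }
        END { if (last == "") last = "unset"; print last }
    ' "$1"
}

# Exit status 0 when the mitigation is in effect, 1 otherwise.
mitigation_applied() {
    case "$(smb_unix_extensions "$1")" in
        no|false|0) return 0 ;;
        *)          return 1 ;;
    esac
}

# Constructed samples: an unmitigated config (the setting appears only in a
# share section, where Samba ignores it) and one with the advisory's sed
# line inserted right after [global] (a tab, no spaces around "=").
SMB_BEFORE=$(mktemp); SMB_AFTER=$(mktemp)
trap 'rm -f "$SMB_BEFORE" "$SMB_AFTER"' EXIT
printf '[global]\n\tworkgroup = WORKGROUP\n[homes]\n\tunix extensions = no\n' > "$SMB_BEFORE"
printf '[global]\n\tunix extensions=no\n\tworkgroup = WORKGROUP\n[homes]\n' > "$SMB_AFTER"

if [ -n "$1" ]; then   # optional: check a real file given on the command line
    mitigation_applied "$1" && echo "mitigated: $1" || echo "NOT mitigated: $1"
fi
```

Because the sed command inserts the line directly after [global], an existing "unix extensions = yes" further down in that section would still win; the last-value logic above catches that case.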


Update Availability

Not available yet.


References

https://www.samba.org/samba/security/CVE-2017-2619.html
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-2619.html
https://security-tracker.debian.org/tracker/CVE-2017-2619
https://bugzilla.redhat.com/show_bug.cgi?id=1429472