Important Information about Vulnerability CVE-2015-0240

Publish Time: 2015-02-26 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

A vulnerability has been discovered in SAMBA, an open source implementation of the CIFS network file sharing protocol. It is a memory management flaw in the CIFS file services that could be exploited by sending specially crafted packets. Synology is unaware of any cases at this time.

First-step solution

This exploit has already been mitigated since CIFS is commonly used in local area networks, which eliminates security threats from the Internet.

As a precaution only, set up the firewall to block CIFS ports (137-139, 445) from the Internet. Creating firewall rules at Control Panel > Security > Firewall helps prevent unauthorized login and control service access.
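The following check is an added example, not Synology code or a DSM export. It shows why rule order matters when blocking the CIFS ports. It assumes a hypothetical first-match rule model with a default action, a LAN of 192.168.1.0/24, and a documentation-range address standing in for an Internet host.

```python
import ipaddress

# Ports the advisory says to block from the Internet.
CIFS_PORTS = {137, 138, 139, 445}

# Constructed rule sets (hypothetical model, not a DSM export):
# (source CIDR, set of ports or None for all ports, action). First match wins.
RULES_WEAK = [
    ("0.0.0.0/0", None, "allow"),             # broad allow placed first
    ("0.0.0.0/0", CIFS_PORTS, "deny"),        # never reached
]
RULES_FIXED = [
    ("192.168.1.0/24", CIFS_PORTS, "allow"),  # LAN clients keep file access
    ("0.0.0.0/0", CIFS_PORTS, "deny"),        # every other source is blocked
    ("0.0.0.0/0", None, "allow"),             # other services unchanged
]

def decide(rules, src, port, default="allow"):
    """Return the action of the first rule matching src and port."""
    addr = ipaddress.ip_address(src)
    for cidr, ports, action in rules:
        if addr in ipaddress.ip_network(cidr) and (ports is None or port in ports):
            return action
    return default  # assumed behaviour when no rule matches

def exposed_ports(rules, src, default="allow"):
    """CIFS ports that the given source address is allowed to reach."""
    return sorted(p for p in CIFS_PORTS if decide(rules, src, p, default) == "allow")

def audit(rules, internet_src="203.0.113.10", lan_src="192.168.1.20", default="allow"):
    """Summarize CIFS exposure for one Internet probe and one LAN probe address."""
    return {
        "internet": exposed_ports(rules, internet_src, default),
        "lan": exposed_ports(rules, lan_src, default),
    }

if __name__ == "__main__":
    for name, rules in (("weak", RULES_WEAK), ("fixed", RULES_FIXED)):
        print(name, audit(rules))
```

An empty "internet" list with a full "lan" list is the result the precaution aims for; any port listed under "internet" means an earlier rule is shadowing the block.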

Update availability

This vulnerability has been addressed in the release of DSM 5.1-5022 Update 3 for the x10, x11, x12, x13, x14, and x15 series. An update for DSM 4.2 for the x09 series will be released by the end of March. The x08 (and older) series are not affected by this vulnerability.