SB2023033037 - Multiple vulnerabilities in QNAP devices running Samba

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023033037

SB2023033037 - Multiple vulnerabilities in QNAP devices running Samba

Published: March 30, 2023

Security Bulletin ID SB2023033037
Severity
Medium
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Heap-based buffer overflow (CVE-ID: CVE-2022-3437)

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. A remote user can send specially crafted data to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.



2) UNIX symbolic link following (CVE-ID: CVE-2022-3592)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to a symlink following issue. A remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS can create symlinks to files outside of the smbd configured share path and access otherwise restricted files on the server. 


Remediation

Install update from vendor's website.

References