Search

Security ID : NAS-201907-31

Security Advisory for Samba AD DC

  • Release date : July 27, 2019

  • CVE identifier : CVE-2018-16860

  • Affected products: All QNAP NAS running QTS 4.3.3 and earlier versions

Severity

Moderate

Status

Resolved

Summary

A reported Samba 4.0 AD DC vulnerability may affect QNAP NAS devices running QTS 4.3.3 and earlier versions. The Samba issue, CVE-2018-16860, prevented the S4U2Self handler in the embedded Heimdal KDC from confirming if the checksum was keyed. If exploited, this vulnerability could allow attackers to perform man-in-the-middle attacks.

We have already fixed this issue in the following QTS versions:

  • QTS 4.4.1: build 20190626 and later
  • QTS 4.4.0: build 20190627 and later
  • QTS 4.3.6: build 20190704 and later
  • QTS 4.3.4: build 20190701 and later
  • QTS 4.3.3: build 20190629 and later

Recommendation

To fix these vulnerabilities, we recommend updating QTS to the latest version.

Installing the QTS Update

  1. Log on to QTS as administrator.
  2. Go to Control Panel > System > Firmware Update.
  3. Under Live Update, click Check for Update.
    QTS downloads and installs the latest available update.

Tip: You can also download the update from the QNAP website. Go to Support > Download Center and then perform a manual update for your specific device.

 

Revision History: V1.0 (July 31, 2019) - Published

Wybierz specyfikację

      Więcej Mniej

      Ta strona dostępna jest w też krajach/regionach:

      open menu
      back to top