Security ID : NAS-201810-11
Security Advisory for Samba Vulnerabilities
Release date : October 11, 2018
CVE identifier : CVE-2018-10858 | CVE-2018-10919
Affected products:
- QTS 4.2.6: build 20180711 and earlier versions
- QTS 4.3.3: build 20180810 and earlier versions
- QTS 4.3.4: build 20180810 and earlier versions
Severity
Moderate
Status
Resolved
Summary
Multiple Samba vulnerabilities have been reported, two of which affect QTS. If exploited, these vulnerabilities could allow attackers to execute arbitrary code (CVE-2018-10858) or access sensitive information on the NAS (CVE-2018-10919).
We have already fixed these issues in the following QTS versions.
- QTS 4.2.6: build 20180829 and later
- QTS 4.3.3: build 20180829 and later
- QTS 4.3.4: build 20180830 and later
Other reported vulnerabilities (CVE-2018-1139, CVE-2018-1140, and CVE-2018-10918) do not affect QNAP devices as these only affect Samba 4.7 and later versions.
Recommendation
To fix these vulnerabilities, we recommend updating QTS to the latest version.
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
Revision History: V1.0 (October 11, 2018) - Published