安全ID : NAS-201810-11
Security Advisory for Samba Vulnerabilities
发布日期 : October 11, 2018
通用漏洞披露 : CVE-2018-10858 | CVE-2018-10919
受影响产品: QTS 4.2.6: build 20180711 and earlier versions
QTS 4.3.3: build 20180810 and earlier versions
QTS 4.3.4: build 20180810 and earlier versions
严重程度
Moderate
状态
已解决
Summary
Multiple samba vulnerabilities have been reported, two of which affect QTS. If exploited, these vulnerabilities could allow attackers to execute arbitrary codes (CVE-2018-10858) or access sensitive information on the NAS (CVE-2018-10919).
We have already fixed these issues in the following QTS versions.
- QTS 4.2.6: build 20180829 and later
- QTS 4.3.3: build 20180829 and later
- QTS 4.3.4: build 20180830 and later
Other reported vulnerabilities (CVE-2018-1139, CVE-2018-1140, and CVE-2018-10918) do not affect QNAP devices as these only affect Samba 4.7 and later versions.
Recommendation
To fix these vulnerabilities, we recommend updating QTS to the latest version.
Installing the QTS Update
- Log on to QTS as administrator.
- Go to Control Panel > System > Firmware Update.
- Under Live Update, click Check for Update.
QTS downloads and installs the latest available update.
修订历史: V1.0 (October 11, 2018) - Published
