NAS Compares Dirty Pipe Linux Vulnerability – What Do Synology, QNAP, Asustor & Terramaster NAS Owners Need to Know?

Dirty Pipe Linux Weakness: Why You and Your Linux-Based NAS Should Care


For those who might not be aware, a vulnerability in Linux kernel 5.8 and above was publicly disclosed last week by Max Kellermann, along with a proof of concept demonstrating the weakness. Tracked as CVE-2022-0847, it effectively allows a non-privileged user to inject and overwrite data in read-only files, including SUID processes that run as root. The vulnerability is reported to be comparable to the Dirty CoW vulnerability found in Linux 7 years ago (CVE-2016-5195), where an exploit was used for pushing malware onto software services. Full details on the public disclosure and demonstration of the vulnerability by Kellermann can be found here. The larger impact is that many, MANY different software platforms around the world use Linux as the base of their systems and, alongside Android and smart home appliances, NAS storage providers are big advocates of Linux kernel-based development in their systems and services.

On the plus side, Linux was incredibly quick to implement a patch, and the vulnerability has been closed in Linux kernels 5.16.11, 5.15.25, and 5.10.102. However, most NAS servers use different versions of the Linux kernel and roll out updates to their varied hardware in a more bespoke fashion. This can leave them running outdated kernels with a door open to this exploit, posing a significant issue to server administrators. We fully expect NAS brands to roll out updates where appropriate/applicable shortly to close this vulnerability. However, one consistent thread in the past, when some NAS brands have been hit by ransomware/malware exploits, is that vulnerabilities found in older software revisions were left unchecked by the end user (ignoring brand updates or practising unsafe network security).

So today, let’s discuss the Dirty Pipe vulnerability, how/if it affects Synology, QNAP, Asustor and Terramaster NAS platforms, and what you should do right now to avoid any exploits being used on your system.
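
As an added example (not part of the original article), this POSIX shell function does a first-pass triage of a kernel release string against the versions quoted above: affected from 5.8, closed in 5.16.11, 5.15.25 and 5.10.102. It assumes releases from 5.17 onward include the fix and that the vendor has not backported it under an older version number, so the NAS vendor's advisory remains the authoritative answer.

```sh
#!/bin/sh
# Added example (not from the article): triage a kernel release string
# against the Dirty Pipe (CVE-2022-0847) versions the article quotes.
# Prints one of: affected | patched | not-affected | unknown

dirty_pipe_status() {
    rel=${1%%[!0-9.]*}            # drop suffixes such as "-generic" or "+"
    major=${rel%%.*}
    rest=${rel#*.}
    if [ "$rest" = "$rel" ]; then rest=0; fi      # no minor version given
    minor=${rest%%.*}
    patch=${rest#*.}
    if [ "$patch" = "$rest" ]; then patch=0; fi   # no patch level given
    patch=${patch%%.*}

    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$patch" ]; then
        echo unknown; return 0
    fi

    # The article gives 5.8 as the first affected kernel; older is out of range.
    if [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 8 ]; }; then
        echo not-affected; return 0
    fi

    # Assumption: branches after 5.16 carry the fix from their first release.
    if [ "$major" -gt 5 ] || [ "$minor" -ge 17 ]; then
        echo patched; return 0
    fi

    # Fixed patch levels quoted in the article, per branch.
    case $minor in
        16) fixed=11 ;;
        15) fixed=25 ;;
        10) fixed=102 ;;
        *)  echo affected; return 0 ;;  # 5.8, 5.9, 5.11-5.14: no fixed release listed
    esac

    if [ "$patch" -ge "$fixed" ]; then echo patched; else echo affected; fi
    return 0
}

# Check the running kernel, or a release string passed as the first argument.
dirty_pipe_status "${1:-$(uname -r)}"
```

Run it over SSH on the NAS itself, or pass a release string copied from the device's system information page.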

