Asustor Security Advisory AS-2022-014: Samba
Concerning Samba security updates to address vulnerabilities in multiple versions of Samba in use with ADM NAS OS
This is a Press Release edited by StorageNewsletter.com on August 31, 2022 at 2:00 pm
Asustor, Inc. has published a security advisory concerning Samba used in ADM NAS OS.
Severity: Important
Status: Ongoing
Statement
The Samba Team has released security updates to address vulnerabilities in multiple versions of Samba.
- CVE-2022-32742 affects a susceptible version of ADM NAS OS with the SMB1 service enabled.
- CVE-2022-2031, CVE-2022-32744, and CVE-2022-32746 allow remote authenticated users to bypass security constraints and conduct denial-of-service attacks via a susceptible version of ADM NAS OS with the SMB service enabled.
- CVE-2022-32745 does not affect Asustor products, as this vulnerability only affects Samba 4.13 and later.
Affected products
Product | Severity | Fixed release availability |
---|---|---|
ADM 4.1 | Important | Ongoing |
ADM 4.0 | Important | Ongoing |
Mitigation
Administrators can set the 'Lowest SMB version' of the SMB service to SMB2 to mitigate one specific vulnerability: CVE-2022-32742.
Administrators can disable the SMB service to mitigate the specific vulnerabilities. In environments where the SMB service is still needed, changing your password and using a strong password for SMB client connection authentication can serve as a temporary mitigation.
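The following check for the SMB2 mitigation is an added example, not code from Asustor or the Samba project. It assumes that the 'Lowest SMB version' setting ends up as Samba's `server min protocol` parameter in the `[global]` section of an smb.conf-style file, and the sample configs are constructed.

```python
import re

# Assumption: ADM's 'Lowest SMB version' maps to this smb.conf parameter.
# Samba dialect names that belong to SMB1 (values of "server min protocol").
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
MIN_PROTOCOL_KEYS = {"serverminprotocol", "minprotocol"}  # second is a synonym


def global_min_protocol(conf_text):
    """Return the last 'server min protocol' value set in [global], or None."""
    section, value = None, None
    # Join backslash-continued lines before parsing.
    for raw in conf_text.replace("\\\n", "").splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = re.sub(r"\s+", "", line[1:-1]).lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, _, val = line.partition("=")
        # smb.conf ignores case and whitespace inside parameter names.
        if re.sub(r"\s+", "", key).lower() in MIN_PROTOCOL_KEYS:
            value = val.strip().upper()
    return value


def audit(conf_text):
    """Classify a config as 'smb1-allowed', 'smb2-or-later', 'unset' or 'unknown'."""
    value = global_min_protocol(conf_text)
    if value is None:
        return "unset"
    if value in SMB1_DIALECTS:
        return "smb1-allowed"
    if value.startswith(("SMB2", "SMB3")):
        return "smb2-or-later"
    return "unknown"


# Constructed sample configs, not taken from an ADM system.
WEAK = "[global]\n  workgroup = WORKGROUP\n  Server Min Protocol = NT1\n[share]\n  path = /srv\n"
FIXED = "[global]\n  ; raised per advisory\n  server min protocol = SMB2\n"
NO_SETTING = "[global]\n  workgroup = WORKGROUP\n[share]\n  min protocol = SMB2\n"

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("fixed", FIXED), ("unset", NO_SETTING)):
        print(name, "->", audit(conf))
```

An `unset` result needs a manual follow-up, because the built-in default for this parameter depends on the Samba version. `include` directives are not followed.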
Detail
- CVE-2022-32742, CVE-2022-2031, CVE-2022-32744, CVE-2022-32745, CVE-2022-32746
- Severity: Important
- ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Reference
Revision
Revision | Date | Description |
---|---|---|
1 | 2022-08-02 | Initial public release. |
2 | 2022-08-24 | Update mitigation information. |