NETGEAR ReadyNAS

[elgoretto]

Hi,

It's been a while now that the security advisory CVE-2012-1182 has been out: https://www.samba.org/samba/security/CVE-2012-1182
It basically means that every system running samba is vunerable to anyone gaining remote root access. Cool, isn't it?

So upgrading samba is now a priority for every NAS maker, firmware updates from various vendors are now available. What about Netgear?
In my view, it's urgent to push a fixed 3.x samba into incoming RAIDiator-x86 4.2.20 for example. Or even issuing an intermediate Raidiator update with only this samba update.

[mdgm]

The fix is already in RAIDiator 4.1.9-T10 for Sparc.

The latest public beta of RAIDiator 4.2.20 for x86 includes 3.5.12 and I know a later beta includes 3.5.13. One would expect 4.2.20 which is due for release very soon should have the updated samba 3.5.14 that addresses the vulnerability but we'll have to wait and see. Hopefully someone from NetGear can comment.

[mdgm]

4.2.20 has been released but it contains samba 3.5.13.

[elgoretto]

Vulnerable, so need a fast "rerelease" 4.2.21 with samba Samba 3.5.14.

[Etz]

Maybe they have just patched it?

[mdgm]

Considering the build date for 4.2.20 is prior to the release of 3.5.14 I doubt it.

I reckon we can expect the patch in 4.2.21

[elgoretto]

Is there a way to contact Netgear to get an official statement on this security issue?

[beisser]

CVE-2012-1182 has been patched in 4.2.20 release and the current 4.1.9 beta.

they just forgot to change the samba version number.
if you need the correct version number wait for 4.2.21. there will not be any "hot" release though since the only "issue" is the version number.

[mdgm]

Ah that's good to know. Guess this patch would show up in the GPL?: http://www.ReadyNAS.com/GPL

[beisser]

yeah i guess it would, although im not too good with reading sourcecode

[elgoretto]

Ok, I can confirm this with this nmap script (http://nmap.org/nsedoc/scripts/samba-vuln-cve-2012-1182.html) for 4.2.20 for x86.
It does not report a vulnerable target (damn missing vuln.lua library...).

Code: Select all

# nmap --script ./samba-vuln-cve-2012-1182.nse  -p 139 NAS

Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-04 13:18 CEST
Nmap scan report for NAS (192.168.0.250)
Host is up (0.00052s latency).
rDNS record for 192.168.0.250: NAS.mydomain
PORT    STATE SERVICE
139/tcp open  netbios-ssn

Nmap done: 1 IP address (1 host up) scanned in 1.09 seconds

I don't have readynas with non-x86 architecture, but you should be able to run this script to validate if they have been actually patched or not against CVE-2012-1182.