Open-E Knowledgebase

[JDSS] [DSS V7] Open-E Samba CVE-2021-44141

Article ID: 3291
Last updated: 23 Mar, 2022

Additional information:

  • product name: JovianDSS / DSS V7
  • product version: all
  • build: all

Description:
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Solution/workaround:

DSS V7:
Install small update 70733-DSS-V7 first (the small update is attached to this article).
Then make sure to uncheck "unix extensions" in "NAS settings", and don't use the SMB and NFS protocols on a share at the same time.

JovianDSS:
Uncheck "unix extensions" in: Storage settings - SMB settings and don't use SMB and NFS protocols on share at the same

Notes:
The above workaround will not be needed in the JovianDSS up30 version.
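
On a stock Samba server where smb.conf can be read directly (an assumption; on the Open-E products these settings are changed through the GUI as described above), the three conditions from the description can be checked as follows. This is an added example, not Open-E code; the function names and the sample configuration are constructed for illustration.

```python
import re

FIXED = (4, 15, 5)  # first fixed Samba release per the article
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE_VALUES = {"yes", "true", "on", "1"}

# Constructed sample smb.conf, not taken from an Open-E system.
SAMPLE_CONF = """\
[global]
   workgroup = WORKGROUP
   server min protocol = NT1
   ; unix extensions = no
[data]
   path = /srv/data
"""

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params[re.sub(r"\s+", "", key).lower()] = value.strip()
    return params

def exposed(version, conf_text):
    """True only if all three conditions from the description hold."""
    ver = tuple(int(n) for n in re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    g = parse_global(conf_text)
    # Defaults when unset: unix extensions = yes; minimum protocol was
    # LANMAN1 before Samba 4.11 and SMB2_02 from 4.11 on.
    unix_ext = g.get("unixextensions", "yes").lower() in TRUE_VALUES
    default_min = "SMB2_02" if ver >= (4, 11, 0) else "LANMAN1"
    min_proto = g.get("serverminprotocol", g.get("minprotocol", default_min))
    smb1_allowed = min_proto.upper() in SMB1_DIALECTS
    return ver < FIXED and unix_ext and smb1_allowed

if __name__ == "__main__":
    print(exposed("4.13.2", SAMPLE_CONF))
```

Distribution packages sometimes backport fixes without changing the upstream version number, so a True result is a prompt to check the vendor's advisory rather than a final verdict.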

Revision: 2
Posted: 23 Mar, 2022 by Stolarczyk M.
Updated: 23 Mar, 2022 by Stolarczyk M.
Tags
samba vulnerabilities
Attached files
upd_70733-DSS-V7.upd (356 kb)


The Knowledge base is managed by Open-E data storage software company.