Open-E Knowledgebase

[JDSS] [DSS V7] Open-E Samba CVE-2021-44141

Additional information:

  • product name: JovianDSS / DSS V7
  • product version: all
  • build: all


Description:
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.

Solution/workaround:

DSS V7:
First install small update 70733-DSS-V7 (attached to this article).
Then make sure to uncheck "unix extensions" in "NAS settings", and don't use the SMB and NFS protocols on a share at the same time.

JovianDSS:
Uncheck "unix extensions" in: Storage settings - SMB settings and don't use SMB and NFS protocols on share at the same

Notes:
The above workaround will not be needed in the JovianDSS up30 version.
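
For a generic Samba server (not the Open-E GUI), the preconditions from the description can be checked read-only against `smbd --version` output and the smb.conf text. This is an added example, not Open-E's or the Samba project's code. It assumes the "unix extensions" checkbox corresponds to the smb.conf global parameter `unix extensions` (default yes) and that SMB1 is disabled by default from Samba 4.11.0; the sample configuration is constructed.

```python
import re

FIXED = (4, 15, 5)             # first fixed release, per the description above
SMB1_OFF_DEFAULT = (4, 11, 0)  # assumption: upstream default since this release
SMB1_DIALECTS = {"CORE", "COREPLUS", "LANMAN1", "LANMAN2", "NT1"}
TRUE_WORDS = {"yes", "true", "on", "1"}


def parse_version(text):
    """Extract (major, minor, patch) from text such as 'Version 4.13.2'."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if match is None:
        raise ValueError(f"no Samba version found in {text!r}")
    return tuple(int(part) for part in match.groups())


def global_params(conf_text):
    """Return [global] parameters keyed by lower-case name without whitespace."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            # Samba ignores case and whitespace in parameter names.
            params["".join(name.lower().split())] = value.strip()
    return params


def audit(version_text, conf_text):
    """Evaluate the three preconditions named in the description."""
    version = parse_version(version_text)
    params = global_params(conf_text)
    # 'min protocol' is a synonym of 'server min protocol'.
    min_proto = params.get("serverminprotocol", params.get("minprotocol"))
    if min_proto is None:
        smb1 = version < SMB1_OFF_DEFAULT
    else:
        smb1 = min_proto.upper() in SMB1_DIALECTS
    unix_ext = params.get("unixextensions", "yes").lower() in TRUE_WORDS
    unfixed = version < FIXED
    return {"unfixed_version": unfixed, "smb1_enabled": smb1,
            "unix_extensions": unix_ext,
            "exposed": unfixed and smb1 and unix_ext}


# Constructed sample: an SMB1-enabled server with the workaround not applied.
SAMPLE_CONF = "[global]\n\tserver min protocol = NT1\n\n[data]\n\tpath = /srv/data\n"
if __name__ == "__main__":
    print(audit("Version 4.13.2", SAMPLE_CONF))
```

The parser does not follow `include` directives or backslash line continuations, and the version comparison cannot see fixes that a distribution backported without changing the version string.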

The Knowledge base is managed by Open-E data storage software company.