QNAP Warns Severe Linux Bug Affects Most of its NAS Devices

by
janrinok
from SoylentNews on (#5X5ET)

upstart writes:

QNAP warns severe Linux bug affects most of its NAS devices:

Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed 'Dirty Pipe' that allows attackers with local access to gain root privileges.

The 'Dirty Pipe' security bug affects Linux Kernel 5.8 and later versions, even on Android devices. If successfully exploited, it allows non-privileged users to inject and overwrite data in read-only files, including SUID processes that run as root.

[...] Dirty COW, a similar Linux vulnerability fixed in 2016, was previously used by malware to root Android devices and plant backdoors, although it was harder to exploit.

While a patch was released for the security flaw one week ago with Linux kernels versions 5.16.11, 5.15.25, and 5.10.102, QNAP says that its customers will have to wait until the company releases its own security updates.

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title SoylentNews
Feed Link https://soylentnews.org/
Feed Copyright Copyright 2014, SoylentNews
Reply 0 comments