QNAP warns most of its NAS devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’. By exploiting this vulnerability an attacker can gain root access.
The Dirty Pipe flaw, tracked as CVE-2022-0847, was discovered by the security expert Max Kellermann that explained that it can allow local users to gain root privileges on all major distros.
The exploit allows local users to overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable or on a read-only mount. The vulnerability affects Linux Kernel 5.8 and later versions.
It is possible to use the exploit to modify the /etc/passwd file to set the root user without a password. Using this trick a non-privileged user could execute the command ‘su root’ to gain access to the root account. The researcher Phith0n also published an updated version of the exploit that allows gaining root privileges by overwriting a SUID program like ./exp /usr/bin/su to drop a root shell at /tmp/sh and then executing the script.
QNAP reported that the following versions of QTS and QuTS hero are affected by the flaw:
- QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS
- QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS
Customers who have Internet-exposed NAS devices are recommended to disable the Port Forwarding function and disable the UPnP function.
QNAP told its customers that is working on a software release to address the flaw in its NAS devices.Currently there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available.- the company added.