A threat researcher who goes by the name Max Kellermann found and detailed a high severity flaw in QNAP Devices. The flaw could allow anyone with local access to gain root privileges. Using the previously announced Linux vulnerability tracked as CVE-2022-0487, also known as Dirty Pipe, a local user could overwrite any file contents in the page cache, even if the file is not permitted to be written, immutable to the read-only mount. The flaw affects Linux version 5.8 and later. Another security researcher on Twitter, Phith0n explained that it is possible to use the exploit to modify the /etc/passwd file to set the root user without a password. Using this trick, a non-privileged user could execute the command ‘su root’ to gain access to the root account. There has been no patch to this flaw for QNAP at the time of writing, although several Linux distribution vendors have patched CVE-2022-0487 for their software.
Analyst Notes
QNAP is aware of this vulnerability and is working on creating a patch to push to the affected devices. For a full list of the affected models, the company urges customers to check “Kernel Version 5.10.60” in the following link: https://www.qnap.com/go/release-notes/kernel and pointed out that QNAP NAS running QTS 4.x are not affected. If anyone find that they are running an affected version they should be sure to apply the security patch when it becomes available. In the meantime, QNAP administrators may wish to temporarily suspend access for untrusted users of their QNAP systems if the unprivileged users should not be allowed to have root access.
https://securityaffairs.co/wordpress/129076/hacking/qnap-nas-dirty-pipe.html?utm_source=feedly&utm_medium=rss&utm_campaign=qnap-nas-dirty-pipe
