Western Digital has fixed a critical-severity vulnerability that enabled attackers to gain remote code execution with root privileges on unpatched My Cloud OS 5 devices.
The flaw is an out-of-bounds heap read/write (tracked as CVE-2021-44142) in Samba's vfs_fruit VFS module, the module that provides compatibility with Apple SMB clients.
It can be exploited by unauthenticated threat actors in low complexity attacks targeting My Cloud devices running vulnerable firmware versions.
“This specific flaw exists within the parsing of extended attributes (EA) metadata when opening a file in smbd,” the data storage company explained.
“This vulnerability can be exploited by unauthenticated users if they are allowed write access to file extended attributes.”
Bug addressed by removing vulnerable Samba module
While default configurations are exposed to attacks, threat actors need write access to a file's extended attributes (this could also be a guest or unauthenticated user if they are allowed write access to file extended attributes), according to the Samba Team.
Western Digital addressed the vulnerability by removing the “fruit” VFS module from the list of configured VFS objects and changing EA support configurations in My Cloud OS 5 Firmware 5.21.104, released on March 23, 2022.
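As an added example (not Western Digital's or Samba's own code), the following Python script audits an smb.conf along the lines of the fix described above: it lists the shares whose effective `vfs objects` line loads `fruit`, flags which of those are guest-writable (the unauthenticated case the Samba Team describes), and produces a hardened copy with the module and its `fruit:*` options removed. The sample configuration, share names and paths are constructed for illustration; the section lookup assumes the conventional lowercase `[global]` header, and Samba's `writable`/`read only` synonyms are evaluated in a fixed order rather than in file order, which is an approximation of Samba's own precedence.

```python
"""Audit an smb.conf for the vfs_fruit exposure behind CVE-2021-44142 and emit a hardened copy.

Hypothetical helper written for this article; it is not Western Digital's or Samba's code.
The sample config below is constructed for the example; share names and paths are made up.
"""
import configparser
import re

# Constructed sample: fruit is loaded in [global], so every share that does not override
# "vfs objects" inherits it. [Public] is guest-writable, the worst case the advisory describes.
VULNERABLE_CONF = """\
[global]
   workgroup = WORKGROUP
   vfs objects = catia fruit streams_xattr
   fruit:metadata = netatalk
   fruit:resource = file

[Public]
   path = /shares/Public
   guest ok = yes
   read only = no

[TimeMachineBackup]
   path = /shares/TimeMachine
   fruit:time machine = yes
   valid users = alice

[Plain]
   path = /shares/plain
   vfs objects = streams_xattr
"""

TRUE_VALUES = {"yes", "true", "1"}


def parse_smb_conf(text):
    # smb.conf uses "=" only; ":" appears inside option names such as fruit:metadata,
    # so it must not be treated as a delimiter. Duplicate keys are legal in smb.conf.
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=("#", ";"),
                                   strict=False, interpolation=None,
                                   empty_lines_in_values=False)
    cp.read_string(text)
    return cp


def _effective(cp, share, *names, default=None):
    # Per-share value wins, otherwise fall back to [global]. "names" are Samba synonyms,
    # checked in the order given (assumption: lowercase [global] header).
    for section in (share, "global"):
        if not cp.has_section(section):
            continue
        for name in names:
            if cp.has_option(section, name):
                return cp.get(section, name).strip()
    return default


def effective_vfs_objects(cp, share):
    return _effective(cp, share, "vfs objects", default="").split()


def guest_writable(cp, share):
    """True if guests may write to the share, i.e. unauthenticated EA writes are possible."""
    guest = _effective(cp, share, "guest ok", "public", default="no").lower() in TRUE_VALUES
    writable = _effective(cp, share, "writable", "writeable", "write ok")
    if writable is not None:
        can_write = writable.lower() in TRUE_VALUES
    else:
        # Samba's default is "read only = yes"
        can_write = _effective(cp, share, "read only", default="yes").lower() not in TRUE_VALUES
    return guest and can_write


def shares_with_fruit(text):
    """Sorted names of non-global shares whose effective vfs objects include fruit."""
    cp = parse_smb_conf(text)
    return sorted(s for s in cp.sections()
                  if s.lower() != "global"
                  and "fruit" in [m.lower() for m in effective_vfs_objects(cp, s)])


def risk_report(text):
    """Map each fruit-loading share to whether it is guest-writable."""
    cp = parse_smb_conf(text)
    return {share: guest_writable(cp, share) for share in shares_with_fruit(text)}


VFS_LINE = re.compile(r"^(\s*vfs\s+objects\s*=\s*)(.*)$", re.IGNORECASE)
FRUIT_OPT = re.compile(r"^\s*fruit:", re.IGNORECASE)


def remove_fruit(text):
    """Return a copy of the config with fruit dropped from every vfs objects line
    and the now-orphaned fruit:* options removed (the mitigation the fix describes)."""
    out = []
    for line in text.splitlines():
        m = VFS_LINE.match(line)
        if m:
            modules = [t for t in m.group(2).split() if t.lower() != "fruit"]
            out.append(m.group(1) + " ".join(modules))
        elif not FRUIT_OPT.match(line):
            out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for share, guest in risk_report(VULNERABLE_CONF).items():
        print(f"{share}: fruit loaded, guest-writable={guest}")
    print(remove_fruit(VULNERABLE_CONF))
```

On a self-hosted Samba server, feed it the real file (or the output of `testparm -s`, which prints the effective configuration) instead of the embedded sample; on a My Cloud device the equivalent change ships inside the firmware update and there is no user-editable smb.conf to audit.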
The American hard disk drive manufacturer advises customers to update their devices to the latest firmware by clicking the update alert as soon as possible.
The list of devices considered vulnerable to CVE-2021-44142 attacks includes:
- My Cloud PR2100
- My Cloud PR4100
- My Cloud EX4100
- My Cloud EX2 Ultra
- My Cloud Mirror Gen 2
- My Cloud DL2100
- My Cloud DL4100
- My Cloud EX2100
- My Cloud
- WD Cloud
Netatalk critical flaw also patched this week
This week, Western Digital also fixed a critical vulnerability in Netatalk, the open-source Apple Filing Protocol (AFP) file server used to access network shares and perform Time Machine backups.
The bug was addressed by deprecating the Netatalk service and removing it from My Cloud OS with the 5.19.117 firmware update.
After updating to the latest firmware, the Netatalk service will no longer be available.
However, My Cloud users can still configure their devices to access network shares over SMB (a Western Digital support page explains how).
Source: https://www.bleepingcomputer.com/news/security/western-digital-patches-samba-bug-giving-root-on-my-cloud-devices/