QNAP QTS / QuTS hero Multiple Vulnerabilities in Samba (QSA-22-03)

high Nessus Plugin ID 159504

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

The version of QNAP QTS or QuTS hero on the remote host is affected by multiple vulnerabilities in the Samba component, as follows:

- The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide '...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver.' Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root. (CVE-2021-44142)

- All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed. (CVE-2021-44141)

- Samba AD users able to write to an account can impersonate existing services, intercept traffic, and cause a denial of service (DoS). (CVE-2022-0336)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the workaround and upgrade to the relevant fixed version referenced in the QSA-22-03 advisory.

See Also

https://www.qnap.com/en/security-advisory/qsa-22-03

Plugin Details

Severity: High

ID: 159504

File Name: qnap_qts_quts_hero_qsa-22-03.nasl

Version: 1.6

Type: combined

Family: Misc.

Published: 4/5/2022

Updated: 2/3/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2021-44142

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C

CVSS Score Source: CVE-2022-0336

Vulnerability Information

CPE: cpe:/a:qnap:qts, cpe:/o:qnap:qts, cpe:/o:qnap:quts_hero

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/10/2022

Vulnerability Publication Date: 2/10/2022

Reference Information

CVE: CVE-2021-44141, CVE-2021-44142, CVE-2022-0336