Just received an update for DL series NASs to address Samba vulnerabilities. Took a long time from the time of public disclosure.
The latest single bay My Cloud 2.x firmware released a day or two ago also got the fix for CVE-2017-7494.
Letās hope they finally get around to the v4 firmwareā¦
Update if you havenāt done yet
And if you donāt want to update then disable remote access at the very least.
some of the victims had no chance to avoid infection because WD relase the fix so late, in mid to late november. It was made available by samba in may, and almost every other NAS vendor patched it in time.
even seagate updated their firmware in july!
now WD should fix this one: Samba - Security Announcement Archive
Not too much of an issue, at least for me. SMB serverās ports are not exposed to the Internet. If I need SMB access from the Internet then Iāll be setting-up a Rasberry Pi as a VPN server.
ā¦ but itāll now be interesting to see how long it takes for WD up apply an update to this one.
Im using latest Samba on Debian Stretch and dont have any problems