QNAP NAS devices vulnerable to dangerous 'DirtyPipe' Linux bug

By Sead Fadilpašić
last updated

DirtyPipe workarounds are available, as NAS users wait for a patch

pixabay | Elchinator
(Image credit: pixabay | Elchinator)

QNAP has warned users of a high severity vulnerability in the majority of its Network Attached Storage (NAS (opens in new tab)) devices.

First uncovered affecting Linux devices, the Dirty Pipe vulnerability grants low-privileged users, with local access, root privileges to the affected drives (opens in new tab). That allows them to inject, or overwrite data, even in read-only files. 

The flaw was discovered in the Linux Kernel from 5.8 onwards, and even includes Android devices. While there is no evidence of the vulnerability being exploited in the wild, there is a proof-of-concept, published by cybersecurity researcher Max Kellermann.

TechRadar needs yo...

We're looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn't take more than 60 seconds of your time. Thank you for taking part.

>> Click here to start the survey in a new window (opens in new tab) <<

Mitigations and workarounds

QNAP said the patch for the bug has already been issued, for Linux versions 5.16.11, 5.15.25, and 5.10.102. QNAP users, however, will have to wait until the OEM releases its own patch.

"Currently there is no mitigation available for this vulnerability,” the company said in an announcement. “We recommend users to check back and install security updates as soon as they become available."

Devices running QTS 5.0.x and QuTS hero h5.0.x, are affected. That includes QTS 5.0.x on all QNAP x86-based NAS, as well as some QNAP ARM-based NAS devices (opens in new tab); and QuTS hero h5.0.x on all QNAP x86-based NAS and some QNAP ARM-based NAS devices

The full list of affected devices can be found here (opens in new tab). NAS devices running QTS 4.x are not affected, nor vulnerable, the company confirmed.

Read more

> QNAP NAS devices left encrypted by Deadbolt ransomware (opens in new tab)

> QNAP warns of attacks on NAS operating system (opens in new tab)

> QNAP NAS devices hit with surge of ransomware attacks (opens in new tab)

QNAP has also released a temporary fix that users can use, as they wait for the official patch to hit the shelves. That includes disabling the Port Forwarding function of the router, as well as disabling the UPnP function of the QNAP NAS.

The company has also given a detailed explanation on how to off SSH and Telnet connections, change the system port number, update device passwords, and enable IP and account access protection. The instructions can be found here (opens in new tab)

Via: BleepingComputer (opens in new tab)

Sead Fadilpašić
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

See more Computing news