QNAP warns severe Linux bug affects most of its NAS devices

From bleepingcomputer.com


Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by a high severity Linux vulnerability dubbed ‘Dirty Pipe’ that allows attackers with local access to gain root privileges.

The ‘Dirty Pipe’ security bug affects Linux Kernel 5.8 and later versions, even on Android devices. If successfully exploited, it allows non-privileged users to inject and overwrite data in read-only files, including SUID processes that run as root.

Security researcher Max Kellermann who found and reported the bug, also released a proof-of-concept (PoC) exploit that enables local users to modify configurations and gain higher privileges and access.

Read more…