This article is more than 1 year old
SoftNAS no longer a soft touch for hackers (for now)... Remote-hijacking vulnerability patched
Your files are someone else's files, too, thanks to storage bug
SoftNAS has plugged a serious vulnerability in its cloud storage management tool that can be exploited to execute malicious code on a victim's server.
Core Security's Fernando Díaz and Fernando Catoira discovered the command-injection security flaw in the StorageCenter component of SoftNAS Cloud version pre-4.0.3. The programming blunder can be abused by an unauthenticated attacker to execute arbitrary system commands on the management server with root permissions.
The bug (CVE-2018-14417) lies in the software's mechanism for checking for updates: it does not perform session nor authentication verification, and does not sanitize its user-supplied inputs. More specifically, the snserv script did not sanitize its input parameters before passing it to a system command. Miscreants can exploit this to open a root shell on the victim's server running StorageCenter.
Core Security notified SoftNAS about the cockup, and passed on its findings in late May. SoftNAS verified the problem and developed a patch, which it released earlier this month – clearing the way for Core Security to publish an advisory late last week.
SoftNAS released SoftNAS Cloud 4.0.3 to address the vulnerability, which you should install as soon as possibble. The associated release notes briefly refer to a security fix alongside performance improvements bundled with the release. ®