Dirty Pipe Linux flaw impacts most QNAP NAS devices

Pierluigi Paganini March 15, 2022

Taiwanese vendor QNAP warns that most of its NAS devices are impacted by a high-severity Linux vulnerability dubbed ‘Dirty Pipe.’

Taiwanese hardware vendor QNAP warns most of its Network Attached Storage (NAS) devices are impacted by the recently discovered Linux vulnerability ‘Dirty Pipe.’

An attacker with local access can exploit the high-severity vulnerability Dirty Pipe to gain root privileges.

The Dirty Pipe flaw, tracked as CVE-2022-0847, was discovered by the security expert Max Kellermann, who explained that it can allow local users to gain root privileges on all major distros.

Kellermann published technical details about the Dirty Pipe flaw along with a proof-of-concept (PoC) exploit that allows local users to overwrite any file contents in the page cache, even if the file is not permitted to be written, is immutable, or is on a read-only mount. The vulnerability affects Linux Kernel 5.8 and later versions.

BleepingComputer reported a tweet published by the security researcher Phith0n, who explained that it is possible to use the exploit to modify the /etc/passwd file to set the root user without a password. Using this trick, a non-privileged user could execute the command ‘su root’ to gain access to the root account. Phith0n also published an updated version of the exploit that allows gaining root privileges by overwriting a SUID program (for example, ./exp /usr/bin/su) to drop a root shell at /tmp/sh and then executing the script.

QNAP reported that the following versions of QTS and QuTS hero are affected by the flaw:

  • QTS 5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS
  • QuTS hero h5.0.x on all QNAP x86-based NAS and certain QNAP ARM-based NAS

For a full list of the affected models, the company urges customers to check “Kernel Version 5.10.60” at the following link: https://www.qnap.com/go/release-notes/kernel. It also pointed out that QNAP NAS running QTS 4.x are not affected.

QNAP told its customers that it is working on a software release to address the flaw in its NAS devices.

“A local privilege escalation vulnerability, also known as ‘dirty pipe’, has been reported to affect the Linux kernel on QNAP NAS running QTS 5.0.x and QuTS hero h5.0.x. If exploited, this vulnerability allows an unprivileged user to gain administrator privileges and inject malicious code,” reads the advisory published by the vendor. “QNAP is thoroughly investigating the vulnerability. We will release security updates and provide further information as soon as possible.”

“Currently there is no mitigation available for this vulnerability. We recommend users to check back and install security updates as soon as they become available,” the company added.

Customers who have Internet-exposed NAS devices are recommended to disable the Port Forwarding function and disable the UPnP function.
