WDC Tracking Number: WDC-23012
Published: October 23, 2023
Last Updated: October 23, 2023
My Cloud OS 5 Firmware 5.27.157 is a major security release containing updates to help improve the security of your My Cloud devices. Numerous changes were made to the operating system in order to comprehensively improve its security. The major user-visible security highlights of this release are listed below.
The base operating system has been upgraded from Debian 10 “Buster” to Debian 11 “Bullseye” to align with security and stability updates.
For more information on the latest security updates, see the release notes: https://os5releasenotes.mycloud.com/#/
Addressed a vulnerability in Samba AD that could allow users to bypass certain restrictions associated with changing passwords.
CVE Number: CVE-2022-2031
Addressed a vulnerability in Samba where all versions with SMB1 enabled were vulnerable to a server memory information leak over SMB1 if a client can write data to a share.
CVE Number: CVE-2022-32742
Addressed an encryption flaw in Samba AD that could allow users to change other users’ passwords, enabling full domain takeover.
CVE Number: CVE-2022-32744
Addressed a use-after-free vulnerability in the Samba AD LDAP server that could result in corrupted log output or a crash.
CVE Number: CVE-2022-32746
Resolved an integer overflow vulnerability in Samba affecting PAC parsing in MIT Kerberos 5 that may lead to remote code execution on 32-bit platforms and cause a denial of service on other platforms.
CVE Number: CVE-2022-42898
Addressed an insufficiently protected credentials vulnerability in curl: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers, allowing an attacker to extract them.
CVE Number: CVE-2022-27774
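The curl issue above turns on what counts as the same service after a redirect. As an added illustration (not WDC's or curl's code; the function names and the `nas.example.test` URLs are constructed for this example), the sketch below contrasts a host-name-only comparison with one that also compares protocol and port before credentials are carried over:

```python
from urllib.parse import urlsplit

# Default ports for the schemes this sketch handles (assumption: only these matter here).
DEFAULT_PORTS = {"http": 80, "https": 443, "ftp": 21}


def origin(url):
    """Return (scheme, host, port) with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    return scheme, host, port


def host_only_match(first_url, redirect_url):
    """Weak check: compares the host name only, ignoring protocol and port."""
    return origin(first_url)[1] == origin(redirect_url)[1]


def same_origin(first_url, redirect_url):
    """Stricter check: scheme, host and port must all match."""
    return origin(first_url) == origin(redirect_url)


def headers_for_redirect(headers, first_url, redirect_url):
    """Drop credential-bearing headers unless the redirect stays on the same origin."""
    if same_origin(first_url, redirect_url):
        return dict(headers)
    sensitive = {"authorization", "cookie"}
    return {k: v for k, v in headers.items() if k.lower() not in sensitive}


# Constructed sample data (not from the advisory).
FIRST = "https://nas.example.test/share/file"
REDIRECTS = [
    "https://nas.example.test/login",       # same origin
    "https://nas.example.test:8443/other",  # same host, different port
    "http://nas.example.test/other",        # same host, different protocol
    "ftp://nas.example.test/other",         # same host, different protocol and port
]

if __name__ == "__main__":
    hdrs = {"Authorization": "Basic constructed-placeholder", "Accept": "*/*"}
    for target in REDIRECTS:
        kept = headers_for_redirect(hdrs, FIRST, target)
        print(target, host_only_match(FIRST, target), "Authorization" in kept)
```

The host-only check accepts all four redirect targets, while the scheme/host/port check keeps credentials only for the first.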