Hi,
Competing NAS with equivalent SW are warning about critical AFP service vulnerabilities.
Fortunately Netatalk 3.1.13 has just been released to fix several CVEs.
Any plan to integrate soon in current 4.2.x releases and upcoming TOS 5?
In the meantime some may consider disabling that service until a fix is available on TOS.
Thanks for feedback.
AFP/Netatalk critical vulnerabilities
TerraMaster F2-210 under TOS 4.2.43, RAID1, Btrfs, serving Mac, Linux & Windows clients
Re: AFP/Netatalk critical vulnerabilities
Thanks for your feedback, we will check soon.
To contact our team, please send email to following addresses, remember to replace (at) with @
Technical team: support(at)terra-master.com (for technical support)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: AFP/Netatalk critical vulnerabilities
As current TOS runs Netatalk 3.1.12, that security update should be pretty straightforward to implement hopefully...
TerraMaster F2-210 under TOS 4.2.43, RAID1, Btrfs, serving Mac, Linux & Windows clients
Re: AFP/Netatalk critical vulnerabilities
Any plan to promptly issue a user warning like your competitors have immediately done over a week ago (Synology, QNAP, WD,...)?
While you may work on an update, you may need to provide some mitigation plan to Admins whose systems may be at risk again.
For example Synology stance on it:
Netatalk provides file access through AFP (Apple Filing Protocol) on DSM. This service has been disabled by default since DSM 7.0. We recommend using SMB protocol instead when connecting from macOS.
For Synology systems not yet upgraded to DSM 7.1-42661-1 or newer, administrators can disable "AFP service" to mitigate this specific vulnerability. In environments where AFP is still needed, setting up firewall rules to only allow trusted clients to connect over AFP (port 548) can be used as temporary mitigation.
Thanks for demonstrating an acute consideration on these security issues.
TerraMaster F2-210 under TOS 4.2.43, RAID1, Btrfs, serving Mac, Linux & Windows clients
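The firewall mitigation in the advisory quoted in the post above (only trusted clients may reach AFP on port 548) can be checked against a ruleset dump. This is an added example, not code from the thread, TerraMaster or Synology; it assumes a Linux host whose IPv4 rules are available in `iptables-save` format, and the function names and sample rulesets are constructed for illustration.

```python
import ipaddress
import shlex

AFP_PORT = "548"  # AFP over TCP, the port named in the advisory quoted above

def parse_input_rules(ruleset):
    """Return (policy, rules) for the INPUT chain of iptables-save text."""
    policy, rules = "ACCEPT", []
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok[:1] == [":INPUT"]:
            policy = tok[1]
        elif tok[:2] == ["-A", "INPUT"]:
            # Assumption: every option takes exactly one value and no "!" negation.
            rules.append(dict(zip(tok[2::2], tok[3::2])))
    return policy, rules

def audit_afp(ruleset, trusted):
    """List ways a new TCP/548 connection from outside `trusted` is accepted."""
    trusted = [ipaddress.ip_network(t) for t in trusted]
    policy, rules = parse_input_rules(ruleset)
    findings = []
    for r in rules:  # iptables is first-match, so walk the chain in order
        if r.get("-p", "tcp") != "tcp" or r.get("--dport", AFP_PORT) != AFP_PORT:
            continue  # cannot match AFP traffic
        if r.get("-i") == "lo" or "NEW" not in r.get("--ctstate", "NEW"):
            continue  # loopback or established-only: not a new remote client
        src = ipaddress.ip_network(r.get("-s", "0.0.0.0/0"), strict=False)
        if r.get("-j") == "ACCEPT":
            if not any(src.subnet_of(t) for t in trusted):
                findings.append(f"ACCEPT from untrusted source {src}")
        elif r.get("-j") in ("DROP", "REJECT") and src.prefixlen == 0 and "-i" not in r:
            return findings  # catch-all block reached before the chain policy
    if policy == "ACCEPT":
        findings.append("no catch-all DROP and INPUT policy is ACCEPT")
    return findings

# Constructed iptables-save samples (IPv4 only), not taken from any real NAS.
COMMON = """*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""
WEAK = COMMON + "-A INPUT -p tcp -m tcp --dport 548 -j ACCEPT\nCOMMIT\n"
HARDENED = COMMON + ("-A INPUT -s 192.168.1.0/24 -p tcp -m tcp --dport 548 -j ACCEPT\n"
                     "-A INPUT -p tcp -m tcp --dport 548 -j DROP\nCOMMIT\n")

if __name__ == "__main__":
    for name, rs in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_afp(rs, ["192.168.1.0/24"]) or "AFP limited to trusted clients")
```

Port ranges and `multiport` matches are not modelled, so a ruleset that uses them needs a manual check.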
Re: AFP/Netatalk critical vulnerabilities
We do use Netatalk in our AFP file service. We are working on an update, please wait for our update. Thank you!
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)
Re: AFP/Netatalk critical vulnerabilities
Sure I wait.
The question is: do you plan to warn your customers before the fix is available, so that they know and can take mitigation measures while they wait?
TerraMaster F2-210 under TOS 4.2.43, RAID1, Btrfs, serving Mac, Linux & Windows clients
Re: AFP/Netatalk critical vulnerabilities
@TMroy
Thanks.
TerraMaster F2-210 under TOS 4.2.43, RAID1, Btrfs, serving Mac, Linux & Windows clients
Re: AFP/Netatalk critical vulnerabilities
@TMroy
What is the schedule for ARM and x86 firmware fixes?
Thanks.
TerraMaster F2-210 under TOS 4.2.43, RAID1, Btrfs, serving Mac, Linux & Windows clients
Re: AFP/Netatalk critical vulnerabilities
@TMroy
Still no news/update...
Meanwhile I notice the recent Forum reorg has buried such kind of issues in FAQ & UserGuide!... Does not seem appropriate.
Would be much better suited into TOS Issues & Experiences under System Update (or eventually File services).
By while you eventually re-direct it, please give some feedback on the actual issue.
PS: please re-enable BBcode & al too
Re: AFP/Netatalk critical vulnerabilities
Will talk to the tech team about the netatalk update.
BBCode is enabled, but I do not know what is al.
To contact our team, please send email to following addresses, remember to replace (at) with @:
Support team: support(at)terra-master.com (for technical support only)
Service team: service(at)terra-master.com (for purchasing, return, replacement, RMA service)