TITLE:
QNAP Devices Hard Disk Encryption Security Bypass

SECUNIA ADVISORY ID:
SA36793

VERIFY ADVISORY:
http://secunia.com/advisories/36793/

DESCRIPTION:
A security issue has been reported in multiple QNAP devices, which can
be exploited by malicious, local users to bypass certain security
restrictions.

The security issue is caused by the use of an insecurely stored backup
key when encrypting a hard disk. This can be exploited to decrypt the
hard disk by using the key stored in flash memory.

The security issue is reported in TS-239 Pro and TS-639 Pro firmware
versions 3.1.1 0815, 3.1.0 0627, and 2.1.7 0613. Other products and
versions may also be affected.

SOLUTION:
Do not rely on the hard disk encryption feature if access to the flash
memory is available.

PROVIDED AND/OR DISCOVERED BY:
Baseline Security Consulting

ORIGINAL ADVISORY:
http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------