The terms of the GNU General Public License as published by the Free Softwareįoundation either version 2 of the License, or (at your option) any later This program is free software you can redistribute it and/or modify it under With a simple command afpd -V we can check what features have been compiled into Netatalk.Īfpd 3.1.10 - Apple Filing Protocol (AFP) daemon of Netatalk The good news Time Machine support is available. That was probably a wise decision to save space and provide a broader range of hardware support. To disable AFP on your QTS or QuTS hero NAS device, you will have to go to Control Panel> Network & File Services> Win/Mac/NFS/WebDAV> Apple Networkingand select Disable AFP (Apple Filing Protocol).Many of the Netatalk goodies such as Spotlight search, Zeroconfig, ACL and LDAP support have been disabled. Until an update has been made available, QNAP advises uses of affected devices to disable AFP and install security updates as soon as they become available. TrueNAS says it fixed the vulnerabilities in TrueNAS Core 12.0-U8.1on April 14, 2022. The company says that users can continue to access local network shares and perform Time Machine backups via SMB, a different file-sharing protocol. Western Digital removed Netatalk from its firmware, released on January 10, 2022. For other productsupdates are expected to be released as soon as possible. The update is expected to be available in all regions shortly but you can download it from the company's website nowif you want. Given the popularity of Netatalk, QNAP isn't the only vendor that needs to deal with these vulnerabilities.Īnother popular NAS device vendor, Synology, had issued Disk Station Manager version 7.1 to deal with the vulnerabilities. On 22nd of March 2022 the Netatalk team at Sourceforgeannounced Netatalk 3.1.13 with a new feature and several security updates. Version 3.0 of Netatalk was released in July 2012. Netatalkis a free, open-source implementation of AFP that allows the Unix-like operating systems (that frequently power NAS devices) to serve as a file server for macOS systems. Many types of NAS devices support AFP so that macOS systems can access the data on them. In real life this usually means they are used as an external hard-drive that can be accessed over an intranet or the Internet.ĪFP is a proprietary network protocol, and part of the Apple File Service (AFS), that offers file services for macOS and the classic Mac OS. AFP and NetatalkĪ NAS device is a storage server connected to a computer network, storing data that can be accessed by a wide variety of devices, including Windows, macOS, and other systems. Given the severity of the vulnerabilities, keep an eye for updates. build 20220419 and later, but it is still working to release security updates for all affected QNAP operating system versions. In a security advisory, QNAP says it has fixed the Netatalk vulnerabilities for QTS 4. All of them are remote code execution (RCE) vulnerabilities, and all of them have a CVSS severity scoreof 9.8 out of 10. Taiwanese corporation QNAP has asked customers to disable the AFP file service protocol on its NAS appliances while it creates fixes for multiple, critical Netatalk vulnerabilities. Others have already done so, or have taken more drastic measures. But QNAP is not the only vendor that needed to fix these vulnerabilities. MacOS users that have a network-attached storage (NAS) device made by QNAP are being advised to disable the Apple Filing Protocol (AFP) on their devices until some severe vulnerabilities have been fixed.
0 Comments
Leave a Reply. |