CVE-2014-5457 Information

Description

QNAP TS-469U with firmware 4.0.7 Build 20140410 TS-459U TS-EC1679U-RP and SS-839 use world-readable permissions for /etc/config/shadow which allows local users to obtain usernames and hashed passwords by reading the password.

Reference

http://seclists.org/fulldisclosure/2014/Jul/57 http://seclists.org/fulldisclosure/2014/Jul/58 http://seclists.org/fulldisclosure/2014/Jul/59 http://seclists.org/fulldisclosure/2014/Jul/61