Executive Summary

Summary
Title: Synology DiskStation Manager arbitrary file modification
Information
Name: VU#615910    First vendor publication: 2014-01-07
Vendor: VU-CERT    Last vendor modification: 2014-01-07
Severity (vendor): N/A    Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA    Environmental score: NA
Impact subscore: NA    Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS base score: 10       Attack range: Network
CVSS impact score: 10     Attack complexity: Low
CVSS exploit score: 10    Authentication: None required

Detail

Vulnerability Note VU#615910

Synology DiskStation Manager arbitrary file modification

Original Release date: 07 Jan 2014 | Last revised: 07 Jan 2014

Overview

Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges.

Description

CWE-284: Improper Access Control - CVE-2013-6955

Synology DiskStation Manager versions 4.3-3776-3 and below allow a remote unauthenticated user to append arbitrary data to files on the system under root privileges. According to Synology:

    Synology File Station in DSM employs a technique called "Slice Upload" to upload files when the file size is over 4GB [in the] Firefox browser. Since this feature is implemented in DSM4.0, all versions of DSM after DSM4.0 are subject to this vulnerability.

To exploit this vulnerability, an attacker needs to send a specially crafted HTTP POST request to /webman/imageSelector.cgi containing the header fields X-TYPE-NAME: SLICEUPLOAD and X-TMP-FILE, the latter set to the path of the file to which the malicious code or data should be appended.
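As an added detection example (not code from CERT/CC or Synology), the following Python checker flags POST requests to /webman/imageSelector.cgi that carry the SLICEUPLOAD headers and whose X-TMP-FILE value resolves outside an assumed upload staging directory; the /tmp/ prefix and the sample requests are constructed assumptions, not values from the advisory.

```python
import posixpath
from typing import Dict, List, Tuple

# Assumed staging directory for legitimate slice uploads (not stated in the
# advisory; adjust to what the appliance actually uses).
EXPECTED_TMP_PREFIX = "/tmp/"

def parse_request(raw: str) -> Tuple[str, str, Dict[str, str]]:
    """Split a raw HTTP request into (method, path, headers); header names lowercased."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, _version = request_line.split(" ", 2)
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target.split("?", 1)[0], headers

def is_suspicious_sliceupload(raw: str) -> bool:
    """True when a POST to imageSelector.cgi carries the SLICEUPLOAD headers and
    X-TMP-FILE points outside the expected staging directory."""
    method, path, headers = parse_request(raw)
    if method != "POST" or path.lower() != "/webman/imageselector.cgi":
        return False
    if headers.get("x-type-name", "").upper() != "SLICEUPLOAD":
        return False
    tmp_file = headers.get("x-tmp-file")
    if tmp_file is None:
        return False
    # Normalise so that "/tmp/../etc/x" is judged by where it really lands.
    resolved = posixpath.normpath(tmp_file)
    return not resolved.startswith(EXPECTED_TMP_PREFIX)

# Constructed sample requests, not captured traffic.
SAMPLE_REQUESTS = [
    "POST /webman/imageSelector.cgi HTTP/1.1\r\nHost: nas.example\r\n"
    "X-TYPE-NAME: SLICEUPLOAD\r\nX-TMP-FILE: /tmp/upload.part\r\n\r\n",
    "POST /webman/imageSelector.cgi HTTP/1.1\r\nHost: nas.example\r\n"
    "x-type-name: sliceupload\r\nX-TMP-FILE: /tmp/../etc/placeholder\r\n\r\n",
    "GET /webman/index.cgi HTTP/1.1\r\nHost: nas.example\r\n\r\n",
]

def flagged_indices(requests: List[str]) -> List[int]:
    """Indices of requests that should be reviewed."""
    return [i for i, r in enumerate(requests) if is_suspicious_sliceupload(r)]

if __name__ == "__main__":
    print(flagged_indices(SAMPLE_REQUESTS))  # [1]
```

Legitimate Firefox slice uploads use the same header pair, so the check keys on where X-TMP-FILE resolves rather than on the headers alone.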

Impact

A remote unauthenticated attacker may be able to execute arbitrary code on the system under root privileges.

Solution

Apply an Update

Synology has advised users to upgrade to the latest version of DiskStation Manager (DSM).

For Synology products released in 2008 (x08 series), DSM4.0-2259 has been released to address this issue.
For Synology products released after 2009, DSM4.2-3243 has been released to address this issue for DSM4.2 users. DSM4.3-3810 Update 1 has been released to address this issue for DSM4.3 users.

Vendor Information

Vendor: Synology    Status: Affected    Date notified: 08 Nov 2013    Date updated: 19 Dec 2013

CVSS Metrics

Group          Score   Vector
Base           10.0    AV:N/AC:L/Au:N/C:C/I:C/A:C
Temporal       7.8     E:POC/RL:OF/RC:C
Environmental  2.0     CDP:L/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://www.synology.com/en-us/dsm/index
  • http://www.synology.com/en-us/support/download

Credit

Thanks to Markus Wulftange for reporting this vulnerability.

This document was written by Todd Lewellen.

Other Information

  • CVE IDs: CVE-2013-6955
  • Date Public: 07 Jan 2014
  • Date First Published: 07 Jan 2014
  • Date Last Updated: 07 Jan 2014
  • Document Revision: 14

Original Source

URL: http://www.kb.cert.org/vuls/id/615910

CWE : Common Weakness Enumeration

%      Id       Name
100 %  CWE-264  Permissions, Privileges, and Access Controls

CPE : Common Platform Enumeration

Type: Application    Count: 4

Snort® IPS/IDS

Date        Description
2014-02-15  Synology DiskStation Manager SLICEUPLOAD remote command execution attempt
            Rule ID: 29387 - Revision: 3 - Type: SERVER-WEBAPP

Nessus® Vulnerability Scanner

Date        Description
2014-02-05  Name: The remote Synology DiskStation Manager is affected by a remote code executio...
            File: synology_dsm_4_2_3243.nasl - Type: ACT_GATHER_INFO
2014-02-05  Name: The remote Synology DiskStation Manager is affected by multiple vulnerabilities.
            File: synology_dsm_4_3_3810_1.nasl - Type: ACT_GATHER_INFO

Alert History

Date                 Information
2014-02-17 12:08:02
  • Multiple Updates
2014-01-10 17:22:51
  • Multiple Updates
2014-01-09 21:24:38
  • Multiple Updates
2014-01-07 21:19:38
  • Multiple Updates
2014-01-07 17:18:17
  • First insertion