SYNOLOGY CONFIRMS VULNERABILITY IN DSM

DSM patch closes loop

It’s never nice when I receive an urgent email from a company detailing a security flaw in their product. It’s even less nice when I own and actively use said product, like a Synology NAS drive.

Synology have today sent out a press release detailing a security vulnerability recently found in the DSM operating system used on their NAS products. The vulnerability could allow unauthorised users to access files on your NAS remotely.

Luckily, a DSM update that fixes the vulnerability has already been released; full details are in the Synology press release below.


Synology® Fixes Vulnerability in DiskStation Manager
Milton Keynes, United Kingdom – 20th February 2014 – Synology® confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which could cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly.
The following are possible symptoms to appear on affected DiskStations and RackStations:

  • Exceptionally high CPU usage detected in Resource Monitor: CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
  • Appearance of non-Synology folder: an automatically created shared folder with the name “startup”, or a non-Synology folder appearing under the path of “/root/PWNED”
  • Redirection of the Web Station: “Index.php” is redirected to an unexpected page
  • Appearance of non-Synology CGI program: files with meaningless names exist under the path of “/usr/syno/synoman”
  • Appearance of non-Synology script file: non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.d”

If users identify any of the above situations, they are strongly encouraged to do the following:

  • For DiskStations or RackStations running on DSM 4.3, please follow the instruction here to REINSTALL DSM 4.3-3827.
  • For DiskStations or RackStations running on DSM 4.0, it’s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center.
  • For DiskStations or RackStations running on DSM 4.1 or DSM 4.2, it’s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center.

For other users who haven’t encountered the above symptoms, it is recommended to go to the DSM > Control Panel > DSM Update page and update to the versions above to protect the DiskStation from malicious attacks.
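The symptom list above is easy to turn into a quick triage check. The script below is an added example (not Synology’s code) that looks for the process names and paths named in the press release; the volume path of the “startup” shared folder is an assumption, and the demo function runs against a constructed directory tree rather than a real NAS.

```shell
# Added triage helper for the DSM 4.x indicators in the press release above;
# not Synology code. Each check prints what it found and returns 1 on a hit.
# On a DiskStation over SSH:  ps | check_processes; check_paths /

# Process names listed by Synology, plus anything with PWNED in its name.
IOC_PROC_RE='PWNED|(^|[[:space:]/])(dhcp\.pid|minerd|synodns)([[:space:]]|$)'

# check_processes: reads ps-style output on stdin; 0 = clean, 1 = hits.
check_processes() {
    hits=$(grep -E "$IOC_PROC_RE" || true)
    [ -z "$hits" ] && return 0
    printf 'suspicious process(es):\n%s\n' "$hits"
    return 1
}

# check_paths: $1 is the filesystem root to inspect ("/" on a real NAS, a
# constructed tree in demo below); 0 = clean, 1 = an indicator exists.
check_paths() {
    root="${1%/}"
    found=0
    for p in /root/PWNED /usr/syno/etc/rc.d/S99p.sh; do
        if [ -e "$root$p" ]; then
            echo "indicator present: $p"
            found=1
        fi
    done
    # The "startup" shared folder: its volume path is an assumption here
    # (DSM shared folders normally live under /volumeN).
    for v in "$root"/volume*/startup; do
        if [ -e "$v" ]; then
            echo "indicator present: ${v#"$root"}"
            found=1
        fi
    done
    return $found
}

# demo: constructed compromised tree and ps sample, then both checks.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/PWNED" "$tmp/usr/syno/etc/rc.d" "$tmp/volume1/startup"
    : > "$tmp/usr/syno/etc/rc.d/S99p.sh"
    status=0
    printf '%s\n' '1234 root  0:01 minerd' '1300 root  0:00 sh' \
        | check_processes || status=1
    check_paths "$tmp" || status=1
    rm -rf "$tmp"
    [ "$status" -eq 0 ] && echo "clean" || echo "indicators found: reinstall DSM as advised"
}
```

A hit from either check is a reason to follow the reinstall guidance above rather than to delete the files by hand, since the scripts in rc.d recreate the rest on boot.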
Synology has taken immediate action to fix the vulnerability at the point of identifying malicious attacks. As the proliferation of cybercrime and increasingly sophisticated malware evolves, Synology continues to devote resources to mitigate threats and is dedicated to providing the most reliable solutions for users. If users still notice their DiskStation behaving suspiciously after being upgraded to the latest DSM version, please contact security@synology.com.
