Thursday, 2 January 2014

Vulnerability in Synology's DSM firmware (CVE-2013-6987)

This is not the first time that security researcher Andrea Fabrizi has found a vulnerability in Synology's well-known DSM firmware for NAS devices, and this time the problem again lies in some CGIs of the Linux system embedded in these NAS units.


Specifically, the vulnerability I am talking about this time is CVE-2013-6987, and it basically consists of possible unauthorised access through the following CGIs:
  • /webapi/FileStation/html5_upload.cgi
  • /webapi/FileStation/file_delete.cgi
  • /webapi/FileStation/file_download.cgi
  • /webapi/FileStation/file_sharing.cgi
  • /webapi/FileStation/file_share.cgi
  • /webapi/FileStation/file_MVCP.cgi
  • /webapi/FileStation/file_rename.cgi
If you keep an eye on the DSM updates you will know that a small update labelled 4.3-3810 Update 3 was released recently to improve the system's security; it is precisely this update that removes the possibility of an external attacker gaining access, even write access, through these CGIs.

For this reason, if you own a Synology NAS it is advisable to update to the latest available DSM version, which at the time of writing is the same 4.3-3810 Update 3 that fixes the problem.


Vulnerability Summary for CVE-2013-6987
Original release date: 12/31/2013
Last revised: 12/31/2013
Source: US-CERT/NIST

Overview

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
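The root cause described above is a path parameter that is joined to a share directory without checking that the result still lies inside it. The following Python is an added illustration, not code from DSM or from the advisory: a lexical containment check of the kind such a CGI needs, plus a small triage filter over constructed access-log lines for the FileStation CGIs listed in this post. The share root `/volume1/public`, the function names and the log lines are assumptions made for the example.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Hypothetical share root for the demonstration; DSM's real layout is not assumed.
SHARE_ROOT = "/volume1/public"

def resolve_request_path(share_root: str, requested: str) -> Optional[str]:
    """Return the absolute path a request may touch, or None if it escapes share_root.
    Lexical check only: decode once, normalise '.', '..' and separators, then require
    the result to stay under share_root. On a live filesystem also apply os.path.realpath
    so a symlink planted inside the share cannot point back outside it."""
    decoded = unquote(requested).replace("\\", "/")   # %2e%2e and backslash variants
    if "\x00" in decoded:                             # NUL truncates C strings in CGI code
        return None
    root = posixpath.normpath(share_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded))
    # The trailing '/' stops '/volume1/publicX' from passing as '/volume1/public'.
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None

FILESTATION_CGI = re.compile(r"/webapi/FileStation/\w+\.cgi")

def flag_traversal_requests(log_lines: List[str]) -> List[str]:
    """Return access-log lines whose FileStation request carries a '..' segment after decoding."""
    hits = []
    for line in log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m or not FILESTATION_CGI.search(m.group(1)):
            continue
        segments = re.split(r"[/\\?=&]", unquote(m.group(1)))  # path and query parts
        if ".." in segments:
            hits.append(line)
    return hits

# Constructed sample log lines (not taken from a real device).
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Dec/2013:10:01:02 +0000] "GET /webapi/FileStation/file_delete.cgi?path=/../../etc/passwd HTTP/1.1" 200 12',
    '198.51.100.7 - - [20/Dec/2013:10:01:09 +0000] "GET /webapi/FileStation/file_share.cgi?folder_path=%2e%2e%2f%2e%2e%2fetc HTTP/1.1" 200 12',
    '203.0.113.5 - - [20/Dec/2013:10:02:00 +0000] "GET /webapi/FileStation/file_download.cgi?path=docs/report.pdf HTTP/1.1" 200 5120',
    '203.0.113.5 - - [20/Dec/2013:10:02:30 +0000] "GET /index.cgi?x=../.. HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for req in ("docs/report.pdf", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:32} -> {resolve_request_path(SHARE_ROOT, req)}")
    print(len(flag_traversal_requests(SAMPLE_LOG)), "suspicious FileStation request(s)")
```

The log filter is a triage heuristic for the period before the update is applied; it does not replace installing 4.3-3810 Update 3.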
References to Advisories, Solutions, and Tools


  • XF: synologydsm-cve20136987-directory-traversal(89892)
  • CONFIRM: http://www.synology.com/en-us/releaseNote/model/DS114
  • BID: 64483
  • EXPLOIT-DB: 30475
  • FULLDISC: 20131220 Synology DSM multiple directory traversal
  • MISC: http://packetstormsecurity.com/files/124563
