Vulnerabilidad en el firmware DSM de Synology (CVE: 2013-6987)

No es la primera vez que el experto en seguridad Andrea Fabrizi detecta alguna vulnerabilidad en el famoso firmware DSM para equipos NAS de Synology, y en esta ocasión son de nuevo algunos CGI's del Linux que está embedido en estos NAS.

Concretamente la vulnerabilidad de la que os hablo en esta ocasión se trata de la CVE: 2013-6987, y consiste básicamente en el posible acceso a los siguientes CGI's:

• /webapi/FileStation/html5_upload.cgi
• /webapi/FileStation/file_delete.cgi
• /webapi/FileStation/file_download.cgi
• /webapi/FileStation/file_sharing.cgi
• /webapi/FileStation/file_share.cgi
• /webapi/FileStation/file_MVCP.cgi
• /webapi/FileStation/file_rename.cgi

Si vais revisando las diferentes actualizaciones de DSM sabréis que recientemente salió un pequeño update etiquetado como 4.3-3810 Update 3 y que mejoraba la seguridad del sistema, pues justamente se trata de corregir la posibilidad de que un atacante externo tuviese acceso incluso de escritura sobre estos archivos.

Por este motivo es conveniente si tienes un NAS Synology que actualices la última versión versión disponible de DSM, a fecha de la creación de esta entrada la misma 4.3-3810 Update 3 que corrige el problema.

Vulnerability Summary for CVE-2013-6987

Original release date:12/31/2013

Last revised:12/31/2013

Source: US-CERT/NIST

This vulnerability is currently undergoing analysis and not all information is available.

Please check back soon to view the completed vulnerability summary.

Overview

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: XF

Name: synologydsm-cve20136987-directory-traversal(89892)

Hyperlink:http://xforce.iss.net/xforce/xfdb/89892

External Source: CONFIRM

Name: http://www.synology.com/en-us/releaseNote/model/DS114

Hyperlink:http://www.synology.com/en-us/releaseNote/model/DS114

External Source: BID

Name: 64483

Hyperlink:http://www.securityfocus.com/bid/64483

External Source: EXPLOIT-DB

Name: 30475

Hyperlink:http://www.exploit-db.com/exploits/30475

External Source: FULLDISC

Name: 20131220 Synology DSM multiple directory traversal

Hyperlink:http://seclists.org/fulldisclosure/2013/Dec/177

External Source: MISC

Name: http://packetstormsecurity.com/files/124563

Hyperlink:http://packetstormsecurity.com/files/124563

Link original de esta información.

Posted in: Seguridad, Synology