Pagina's: [1]

Auteur Topic: Synology-SA-17:62 Wget  (gelezen 1202 keer)

Offline Larrvyll

  • Bedankjes
  • -Gegeven: 4
  • -Ontvangen: 0
  • Berichten: 44
Synology-SA-17:62 Wget
« Gepost op: 04 november 2017, 14:23:40 »
Abstract

Multiple security vulnerabilities have been found in Wget, and may allow man-in-the-middle attackers to execute arbitrary codes, or cause denial-of-service attack from a vulnerable version of Synology DiskStation Manager (DSM), Synology Router Manager (SRM), and Download Station.

Severity

    CVE-2017-13089
        Impact: Important
        CVSS3 Base Score: 7.3
        CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
    CVE-2017-13090
        Impact: Important
        CVSS3 Base Score: 7.3
        CVSS3 Base Metrics: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected

    Products
        DSM 6.1
        DSM 6.0
        DSM 5.2
        SRM 1.1
        Download Station before 3.8.7-3490
    Models
        All Synology models

Description

    CVE-2017-13089 The http.c:skip_short_body() function is called in some circumstances, such as when processing redirects. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to skip the chunk in pieces of 512 bytes by using the MIN() macro, but ends up passing the negative chunk length to connect.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument.
    CVE-2017-13090 The retr.c:fd_read_body() function is called when processing OK responses. When the response is sent chunked in wget before 1.19.2, the chunk parser uses strtol() to read each chunk's length, but doesn't check that the chunk length is a non-negative number. The code then tries to read the chunk in pieces of 8192 bytes by using the MIN() macro, but ends up passing the negative chunk length to retr.c:fd_read(). As fd_read() takes an int argument, the high 32 bits of the chunk length are discarded, leaving fd_read() with a completely attacker controlled length argument. The attacker can corrupt malloc metadata after the allocated buffer.

Mitigation

None

Update Availability

To fix the security issues: please go to DSM > Package Center and update Download Station to 3.8.7-3490 or above.
Pagina's: [1]
 

office documenten niet op te slaan in synology

Gestart door SylBoard Overige software

 Reacties: 14
Gelezen: 9228 		Laatste bericht 26 februari 2016, 16:07:40
door Thijs.01
Probleem internationaal Synology forum ??

Gestart door GonerBoard Vragen en opmerkingen OVER het forum

 Reacties: 9
Gelezen: 4478 		Laatste bericht 22 mei 2013, 16:08:57
door Nala
Synology vs Hostnet

Gestart door henkvanbovenBoard Web Station

 Reacties: 3
Gelezen: 3458 		Laatste bericht 23 juli 2013, 21:32:41
door henkvanboven
Synology 213+ Mappen op 2 pc's over hetzelfde netwerk

Gestart door marcj2Board NAS hardware vragen

 Reacties: 6
Gelezen: 3714 		Laatste bericht 03 oktober 2013, 18:28:52
door marcj2
Cardsharing on Synology DS109

Gestart door flexman1976Board Overige mods

 Reacties: 3
Gelezen: 6213 		Laatste bericht 13 december 2010, 08:38:37
door thecell