facebook rss twitter

Synology fixes DiskStation Manager software vulnerabilities

by Mark Tyson on 20 February 2014, 14:00

Tags: Synology

Quick Link: HEXUS.net/qaca2n

Add to My Vault: x

Synology has today confirmed some known security issues in its DiskStation Manager (DSM) software and issued updates to address them. We are told that engineers at the Milton Keynes based Network Attached Storage (NAS) specialist firm have worked through several nights to fix these vulnerabilities.

Depending upon your DiskStation or RackStation different updates have been supplied as below:

  • For DiskStations or RackStations running on DSM 4.3, please follow the instruction here to REINSTALL DSM 4.3-3827.
  • For DiskStations or RackStations running on DSM 4.0, it's recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center.
  • For DiskStations or RackStations running on DSM 4.1 or DSM 4.2, it's recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center.

There are a number of symptoms DSM users should be aware of which will give them an indication that their DiskStation or RackStation has been compromised by malware. I shall quote the possible symptoms directly for the email Synology sent to HEXUS:

  • Exceptionally high CPU usage detected in Resource Monitor: CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
  • Appearance of non-Synology folder: An automatically created shared folder with the name "startup", or a non-Synology folder appearing under the path of "/root/PWNED"
  • Redirection of the Web Station: "Index.php" is redirected to an unexpected page
  • Appearance of non-Synology CGI program: Files with meaningless names exist under the path of "/usr/syno/synoman"
  • Appearance of non-Synology script file: Non-Synology script files, such as "S99p.sh", appear under the path of "/usr/syno/etc/rc.d"

Even if you have experienced no attack symptoms it is still recommended that you update your DSM software to the versions as detailed above via the DSM control panel update page.

Synology says that it takes these vulnerabilities extremely seriously as part of its mission of "providing the most reliable solutions for users". The company points out that it took immediate actions to address the CVE-2013-6955 and CVE-2013-6987 security issues and spends considerable time and resources on preventing such problems.

DiskStation or RackStation users who have undertaken the suggested updates but still observe any suspicious activity are asked to email security@synology.com with further information.

HEXUS Forums :: 2 Comments

Login with Forum Account

Don't have an account? Register today!
Posted by Apex - Thu 20 Feb 2014 15:11
Got a email direct from support about this; applied the update not long after.

Think this is patched in the Beta of DSM5 from the start so they have nothing to worry about.
Posted by Devastater6194 - Sat 22 Feb 2014 14:23
I like the idea of these NAS systems but the 4 bay ones are so expensive. I ended up just going for Silverstones 4 bay DAS for Ā£100. Nice to see them being updated so that they will be secure by the time I think they are worth the price they ask.