Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SYNOLOGY_DSM_4_3_3810_1.NASLHistoryFeb 05, 2014 - 12:00 a.m.
Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities
2014-02-0500:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
According to its version number, the Synology DiskStation Manager installed on the remote host is 4.3-x equal or prior to 4.3-3810. It is, therefore, affected by the following vulnerabilities :
-
A remote code execution vulnerability exists in the File Station component due to improper validation in the βimageSelector.cgiβ script of values submitted in the X-TMP-FILE header field along with the X-TYPE-NAME:
SLICEUPLOAD header field to the βimageSelector.cgiβ script. (CVE-2013-6955) -
An issue exists in the Auto Block feature that could allow IP addresses to be improperly added to the Block List.
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72345);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2013-6955");
script_bugtraq_id(64516);
script_xref(name:"EDB-ID", value:"30470");
script_xref(name:"CERT", value:"615910");
script_name(english:"Synology DiskStation Manager 4.3-x < 4.3-3810 Update 1 Multiple Vulnerabilities");
script_summary(english:"Checks the version of Synology DiskStation Manager");
script_set_attribute(attribute:"synopsis", value:
"The remote Synology DiskStation Manager is affected by multiple
vulnerabilities.");
script_set_attribute(attribute:"description", value:
"According to its version number, the Synology DiskStation Manager
installed on the remote host is 4.3-x equal or prior to 4.3-3810. It
is, therefore, affected by the following vulnerabilities :
- A remote code execution vulnerability exists in the File
Station component due to improper validation in the
'imageSelector.cgi' script of values submitted in the
X-TMP-FILE header field along with the X-TYPE-NAME:
SLICEUPLOAD header field to the 'imageSelector.cgi'
script. (CVE-2013-6955)
- An issue exists in the Auto Block feature that could
allow IP addresses to be improperly added to the Block
List.
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://www.securityfocus.com/archive/1/531602/30/0/threaded");
script_set_attribute(attribute:"solution", value:
"Upgrade to 4.3-3810 Update 1 or later or contact the vendor.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Synology DiskStation Manager SLICEUPLOAD Remote Command Execution');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/01/07");
script_set_attribute(attribute:"patch_publication_date", value:"2013/12/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/05");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:synology:diskstation_manager");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("synology_diskstation_manager_detect.nbin");
script_require_keys("www/synology_dsm");
script_require_ports("Services/www", 5000, 5001);
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");
port = get_http_port(default:5000, embedded:TRUE);
install = get_install_from_kb(appname:"synology_dsm", port:port, exit_on_fail:TRUE);
app = "Synology DiskStation Manager (DSM)";
dir = install["dir"];
install_loc = build_url(port:port, qs:dir + "/");
version = install["ver"];
if (version == UNKNOWN_VER) audit(AUDIT_UNKNOWN_WEB_APP_VER, app, install_loc);
ver = split(version, sep:".", keep:FALSE);
for (i=0; i<max_index(ver); i++)
ver[i] = int(ver[i]);
if (
(ver[0] == 4 && ver[1] == 3 && ver[2] < 3810) ||
((ver[0] == 4 && ver[1] == 3 && ver[2] == 3810) && report_paranoia == 2)
)
{
if (report_verbosity > 0)
{
report =
'\n URL : ' + install_loc +
'\n Installed version : ' + version +
'\n Fixed version : 4.3-3810 Update 1\n';
security_hole(port:port, extra:report);
}
else security_hole(port);
}
else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_loc, version);
| Vendor | Product | Version | CPE |
|---|---|---|---|
| synology | diskstation_manager | cpe:/a:synology:diskstation_manager |
Related
prion
prion
Design/Logic Flaw
2014-01-09 18:07:00
openvas
openvas
checkpoint_advisories
checkpoint_advisories
Synology DiskStation Manager SLICEUPLOAD Code Execution (CVE-2013-6955)
2014-05-07 00:00:00
nessus
nessus
cve
cve
CVE-2013-6955
2014-01-09 18:07:00
cert
cert
Synology DiskStation Manager arbitrary file modification
2014-01-07 00:00:00
seebug
seebug
Synology DiskStation ManagerθΏη¨ε½δ»€ζ§θ‘ζΌζ΄
2013-12-25 00:00:00
cvelist
cvelist
CVE-2013-6955
2014-01-09 11:00:00
zdt
zdt
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
2013-12-24 00:00:00
packetstorm
packetstorm
Synology DiskStation Manager SLICEUPLOAD Remote Command Execution
2013-12-23 00:00:00
securityvulns
securityvulns
Synology DiskStation Manager code execution
2014-03-27 00:00:00
CVE-2013-6955 Synology DSM remote code execution
2014-03-27 00:00:00
Related for SYNOLOGY_DSM_4_3_3810_1.NASL