The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Synology DSM

vulnerability alert CVE-2015-2213 CVE-2015-5730 CVE-2015-5731

WordPress Core: six vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of WordPress Core.
Impacted products: Debian, Fedora, Synology DSM, WordPress Core.
Severity: 2/4.
Consequences: client access/rights, data reading, data creation/edition, data deletion, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 6.
Creation date: 04/08/2015.
Identifiers: CERTFR-2015-AVI-326, CVE-2015-2213, CVE-2015-5730, CVE-2015-5731, CVE-2015-5732, CVE-2015-5733, CVE-2015-5734, DSA-3332-1, DSA-3332-2, DSA-3383-1, FEDORA-2015-12148, FEDORA-2015-12235, VIGILANCE-VUL-17581.

Description of the vulnerability

Several vulnerabilities were announced in WordPress Core.

An attacker can trigger a Cross Site Scripting of widgets, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-5732]

An attacker can trigger a Cross Site Scripting of accessibility helpers, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-5733]

An attacker can trigger a Cross Site Scripting of Legacy Theme Preview, in order to run JavaScript code in the context of the web site. [severity:2/4; CVE-2015-5734]

An attacker can use a SQL injection, in order to read or alter data. [severity:2/4; CVE-2015-2213]

An attacker can use a Timing Side-channel, in order to perform an attack. [severity:2/4; CVE-2015-5730]

An attacker can lock a post, in order to trigger a denial of service. [severity:1/4; CVE-2015-5731]
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2015-5622 CVE-2015-5623

WordPress Core: two vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities were announced in WordPress Core.
Impacted products: Debian, Fedora, Synology DSM, WordPress Core.
Severity: 3/4.
Consequences: user access/rights, client access/rights, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 23/07/2015.
Identifiers: CERTFR-2015-AVI-316, CVE-2015-5622, CVE-2015-5623, DSA-3328-2, DSA-3332-1, DSA-3332-2, DSA-3383-1, FEDORA-2015-12148, FEDORA-2015-12235, VIGILANCE-VUL-17494.

Description of the vulnerability

Several vulnerabilities were announced in WordPress Core.

An attacker can trigger a Cross Site Scripting, in order to run JavaScript code in the context of the web site. [severity:3/4; CVE-2015-5622]

An attacker with the Subscriber permission can use Quick Draft, in order to create a draft. [severity:2/4; CVE-2015-5623]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-1793

OpenSSL: X.509 certification chain forgery

Synthesis of the vulnerability

An attacker can force OpenSSL to accept spoofed certificates, in order to listen for encrypted communications or bypass signature based authentication.
Impacted products: DCFM Enterprise, Brocade Network Advisor, Brocade vTM, ASA, Cisco Catalyst, IOS XE Cisco, Nexus by Cisco, NX-OS, Prime Infrastructure, Cisco PRSM, Cisco Router, Cisco CUCM, Clearswift Email Gateway, BIG-IP Hardware, TMOS, Fedora, FileZilla Server, FreeBSD, hMailServer, HP Switch, HP-UX, IRAD, Juniper J-Series, Junos OS, McAfee Email Gateway, McAfee NGFW, Nodejs Core, OpenSSL, Oracle Communications, Solaris, Slackware, Splunk Enterprise, stunnel, Synology DSM, Synology DS***, Synology RS***, Nessus, Websense Web Security, WinSCP, X2GoClient.
Severity: 3/4.
Consequences: client access/rights, data reading, data creation/edition.
Provenance: internet client.
Creation date: 09/07/2015.
Identifiers: 1962398, 1963151, BSA-2015-009, bulletinjul2015, c04760669, c05184351, CERTFR-2015-AVI-285, CERTFR-2015-AVI-431, cisco-sa-20150710-openssl, cpuoct2017, CVE-2015-1793, FEDORA-2015-11414, FEDORA-2015-11475, FreeBSD-SA-15:12.openssl, HPSBHF03613, HPSBUX03388, JSA10694, SB10125, SOL16937, SPL-103044, SSA:2015-190-01, SSRT102180, VIGILANCE-VUL-17337.

Description of the vulnerability

A certificate validation begins with the creation of a certificate chain, where each certificate provides the public key used to check the signature of the next certificate.

The creation of this chain may be non deterministic, especially when some identification X.509v3 extensions like "Authority Key Identifier" are not provided. When a candidate chain does not allow to validate a given certificate, OpenSSL 1.0.1 and 1.0.2 attempt to find another candidate chain. However, during these attempts, some required checks on the chain are not performed anymore. As a consequence, an attacker can make OpenSSL use its own certificate as a CA certificate, even if it includes the "basicConstraint" extension stating "CA: no". So it can create certificates for any name.

This vulnerability impacts clients checking a server certificate, and TLS servers checking a client certificate.

An attacker can therefore force OpenSSL to accept spoofed certificates, in order to listen for encrypted communications or bypass signature based authentication.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce 17282

Synology Photo Station: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Synology Photo Station.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: client access/rights, data reading.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 01/07/2015.
Identifiers: VIGILANCE-VUL-17282.

Description of the vulnerability

Several vulnerabilities were announced in Synology Photo Station.

An attacker can trigger a Cross Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4]

An attacker can block redirection to "https" based URLs, in order to make the traffic remains unencrypted. [severity:1/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 17256

Synology: SQL injection of Video Station

Synthesis of the vulnerability

An attacker can use a SQL injection in Video Station of Synology, in order to read or alter data.
Impacted products: Synology DSM.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: internet client.
Creation date: 29/06/2015.
Identifiers: VIGILANCE-VUL-17256.

Description of the vulnerability

The Synology product uses a database.

However, user's data are directly inserted in a SQL query.



An attacker can therefore use a SQL injection in Video Station of Synology, in order to read or alter data.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability 17255

Synology: Cross Site Scripting of Download Station

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting in Download Station of Synology, in order to execute JavaScript code in the context of the web site.
Impacted products: Synology DSM.
Severity: 2/4.
Consequences: user access/rights.
Provenance: document.
Creation date: 29/06/2015.
Identifiers: VIGILANCE-VUL-17255.

Description of the vulnerability

The Synology product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in Download Station of Synology, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2015-2141

libcrypto++: information disclosure via timing attacks

Synthesis of the vulnerability

Libcrypto++ does not mask the relationship between a private key and the duration of an operation.
Impacted products: Debian, Fedora, openSUSE, Synology DSM.
Severity: 1/4.
Consequences: data reading.
Provenance: intranet client.
Creation date: 29/06/2015.
Identifiers: CVE-2015-2141, DSA-3296-1, FEDORA-2015-10911, FEDORA-2015-10914, openSUSE-SU-2015:1271-1, VIGILANCE-VUL-17253.

Description of the vulnerability

Cryptographic operations for asymmetric algorithms have a duration that typically depends on a private key. Libcrypto++ does not attempt to hide this correlation to protect the secret.
Full Vigil@nce bulletin... (Free trial)

vulnerability 16990

Synology Photo Station: two vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of Synology Photo Station.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 26/05/2015.
Identifiers: VIGILANCE-VUL-16990.

Description of the vulnerability

Several vulnerabilities were announced in Synology Photo Station.

An attacker can trigger a Cross Site Scripting in login.php via $_GET['success'], in order to execute JavaScript code in the context of the web site. [severity:2/4]

An attacker can trigger a Cross Site Scripting in index.php via $urlPrefix.$data['img'] and $urlPrefix.$url, in order to execute JavaScript code in the context of the web site. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability announce CVE-2015-4655

Synology DiskStation Manager: Cross Site Scripting

Synthesis of the vulnerability

An attacker can trigger a Cross Site Scripting of Synology DiskStation Manager, in order to execute JavaScript code in the context of the web site.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Creation date: 26/05/2015.
Identifiers: CVE-2015-4655, SFY20150503, VIGILANCE-VUL-16987.

Description of the vulnerability

The Synology DiskStation Manager product offers a web service.

However, it does not filter received data before inserting them in generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting of Synology DiskStation Manager, in order to execute JavaScript code in the context of the web site.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert 16986

Synology Photo Station: command execution via description

Synthesis of the vulnerability

An attacker can use a description containing shell escape characters on Synology Photo Station, in order to execute commands on the system.
Impacted products: Synology DSM, Synology DS***, Synology RS***.
Severity: 3/4.
Consequences: user access/rights.
Provenance: intranet client.
Creation date: 26/05/2015.
Identifiers: SFY20150502, VIGILANCE-VUL-16986.

Description of the vulnerability

The Synology Photo Station product can be installed on DSM.

The photo/webapi/photo.php script calls the UpdateDescriptionMetadata() function, which runs the SYNO_EXIFTOOL_FILE (/usr/syno/bin/synophoto_dsm_user) command. However, the shell command line is built without escaping the "description" field.

An attacker can therefore use a description containing shell escape characters on Synology Photo Station, in order to execute commands on the system.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Synology DSM: