{"vuid":"VU#615910","idnumber":"615910","name":"Synology DiskStation Manager arbitrary file modification","keywords":["CWE-284","CVE-2013-6955"],"overview":"Synology DiskStation Manager versions 4.3-3776-3 and below contain a vulnerability that allows a remote unauthenticated user to append arbitrary data to an arbitrary file under root privileges.","clean_desc":"CWE-284: Improper Access Control - CVE-2013-6955 Synology DiskStation Manager versions 4.3-3776-3 and below allow a remote unauthenticated user to append arbitrary data to files on the system under root privileges. According to Synology: Synology File Station in DSM employs a technique called \"Slice Upload\" to upload files when the file size is over 4GB [in the] Firefox browser. Since this feature is implemented in DSM4.0, all versions of DSM after DSM4.0 are subject to this vulnerability. To exploit this vulnerability, an attacker needs to send a specially crafted HTTP POST request to /webman/imageSelector.cgi containing the header fields X-TYPE-NAME: SLICEUPLOAD and X-TMP-FILE with the valid path of the file to append malicious code or data.","impact":"A remote unauthenticated attacker may be able to execute arbitrary code on the system under root privileges.","resolution":"Apply an Update Synology has advised users to upgrade to the latest version of DiskStation Manager (DSM). For Synology products released in 2008 (x08 series), DSM4.0-2259 has been released to address this issue. For Synology products released after 2009, DSM4.2-3243 has been released to address this issue for DSM4.2 users. DSM4.3-3810 Update 1 has been released to address this issue for DSM4.3 users.","workarounds":"","sysaffected":"","thanks":"Thanks to Markus Wulftange for reporting this vulnerability.","author":"This document was written by Todd Lewellen.","public":["http://www.synology.com/en-us/dsm/index","http://www.synology.com/en-us/support/download"],"cveids":["CVE-2013-6955"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-11-04T13:09:36Z","publicdate":"2014-01-07T00:00:00Z","datefirstpublished":"2014-01-07T14:30:51Z","dateupdated":"2014-01-07T18:07:10Z","revision":15,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"L","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"7.8","cvss_environmentalscore":"2.010780107296","cvss_environmentalvector":"CDP:L/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}