Products Affected By CVE-2013-6955
DiskStation Manager (DSM)
4.0
4.2
4.3 (4.3-3810)
Vendor: Synology
Status: Patched
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.
http://www.synology.com/en-global/company/news/article/437
February 14, 2014: Synology confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise of file access authority in DSM. An updated DSM version resolving these issues has been released accordingly.
The following are possible symptoms on an affected DiskStation or RackStation:
Exceptionally high CPU usage detected in Resource Monitor:
CPU resources occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any process with PWNED in its name
Appearance of a non-Synology folder:
An automatically created shared folder with the name "startup", or a non-Synology folder appearing under the path "/root/PWNED"
Redirection of the Web Station:
"index.php" is redirected to an unexpected page
Appearance of a non-Synology CGI program:
Files with meaningless names exist under the path "/usr/syno/synoman"
Appearance of a non-Synology script file:
Non-Synology script files, such as "S99p.sh", appear under the path "/usr/syno/etc/rc.d"
If users identify any of the above situations, they are strongly encouraged to do the following:
For a DiskStation or RackStation running DSM 4.3, follow the instructions here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827.
For a DiskStation or RackStation running DSM 4.0, it is recommended to REINSTALL DSM 4.0-2259 or later from Synology Download Center.
For a DiskStation or RackStation running DSM 4.1 or DSM 4.2, it is recommended to REINSTALL DSM 4.2-3243 or later from Synology Download Center (http://www.synology.com/en-global/support/download).
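The symptom list in the advisory can be turned into a repeatable triage check, which is what a responder wants before deciding whether a unit needs the reinstall above. The script below is an added example; it is not Synology's tooling and not part of the advisory. It assumes a ROOT prefix argument (use "/" over SSH on the live DiskStation, or the mount point of a copied system partition so the checks can run offline), assumes shared folders live under /volume*, and approximates the advisory's "files with meaningless names" in /usr/syno/synoman with an extension-less-name heuristic. The Web Station index.php redirect is not checked, because its location depends on how Web Station was configured.

```shell
#!/bin/sh
# Added example: IoC triage for the CVE-2013-6955 "/PWNED" campaign,
# based on the symptom list in Synology's advisory. Not Synology code.
# Assumptions: ROOT ($1) is a path prefix ("/" on a live DSM, or a mount
# point of a copied image); shares live under /volume*; "meaningless
# names" under /usr/syno/synoman are approximated as extension-less
# names of 6 or more characters.

# Process indicators. Reads `ps` lines on stdin and prints one PROCESS:
# line per match. The bracketed first letters keep grep from matching
# its own command line in the listing it is scanning.
dsm_check_processes() {
    grep -E '[P]WNED|[m]inerd|[s]ynodns|dhcp\.[p]id' |
        while IFS= read -r line; do
            printf 'PROCESS: %s\n' "$line"
        done
    return 0
}

# File-system indicators under ROOT. Prints one line per finding.
dsm_check_files() {
    root=${1%/}    # "/" becomes "", so the paths below stay absolute

    # /root/PWNED is the drop directory named in the advisory
    [ -d "$root/root/PWNED" ] && printf 'DIR: %s/root/PWNED\n' "$root"

    # an unexpected shared folder called "startup" (assumed under /volume*)
    for vol in "$root"/volume*; do
        [ -d "$vol/startup" ] && printf 'SHARE: %s/startup\n' "$vol"
    done

    # rc.d start scripts: the advisory's example name, plus any script
    # that references PWNED (persistence that relaunches the miner at boot)
    for f in "$root"/usr/syno/etc/rc.d/*; do
        [ -f "$f" ] || continue
        case ${f##*/} in
            S99p.sh) printf 'RCSCRIPT: %s\n' "$f"; continue ;;
        esac
        grep -q 'PWNED' "$f" 2>/dev/null && printf 'RCSCRIPT: %s\n' "$f"
    done

    # CGI directory: flag extension-less names of 6+ characters (heuristic)
    for f in "$root"/usr/syno/synoman/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        case $name in *.*) continue ;; esac
        [ ${#name} -ge 6 ] && printf 'CGI: %s\n' "$f"
    done
    return 0
}

# Full scan of a live host (or an image mounted at ROOT). Returns 1 when
# anything was found so the script can gate an automated fleet check.
# Busybox `ps` on DSM lists every process; on a procps system use `ps ax`.
dsm_ioc_scan() {
    findings=$( dsm_check_files "$1"; ps 2>/dev/null | dsm_check_processes )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        printf 'RESULT: %s indicator(s); reinstall DSM as the advisory instructs\n' \
            "$(printf '%s\n' "$findings" | wc -l | tr -d ' ')"
        return 1
    fi
    printf 'RESULT: no indicators found\n'
}

# usage: sh dsm_ioc_check.sh /     (or the mount point of a DSM image)
if [ "$#" -gt 0 ]; then
    dsm_ioc_scan "$1"
fi
```

The heuristics are deliberately loose: a hit is a reason to look, not proof of compromise, and a clean run does not prove the unit is clean, since an attacker who could append to arbitrary files through imageSelector.cgi was not limited to the paths the advisory names. A nonzero exit still maps directly to the advisory's instruction to reinstall rather than clean.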
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access None
Vulnerability Type(s) Execute Code
This is also known as the /PWNED or /lolz hack.