Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. http://www.synology.com/en-global/company/news/article/437 February 14, 2014Synology® confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly. The followings are possible symptoms to appear on affected DiskStation and RackStation: Exceptionally high CPU usage detected in Resource Monitor: CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names Appearance of non-Synology folder: An automatically created shared folder with the name startup, or a non-Synology folder appearing under the path of /root/PWNED Redirection of the Web Station: Index.php is redirected to an unexpected page Appearance of non-Synology CGI program: Files with meaningless names exist under the path of /usr/syno/synoman Appearance of non-Synology script file: Non-Synology script files, such as S99p.sh, appear under the path of /usr/syno/etc/rc.d If users identify any of above situation, they are strongly encouraged to do the following: For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. For DiskStation or RackStation running on DSM 4.0, its recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, its recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download). Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.) Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required (Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Execute Code This is also known as the /PWNED or /lolz hack.