Synology-SA-19:15 Samba

Publish Time: 2019-04-09 18:15:46 UTC+8

Last Updated: 2019-04-09 18:15:46 UTC+8

Severity: Moderate

Status: Ongoing

Abstract

CVE-2019-3880 allows remote authenticated users to create arbitrary files or obtain sensitive information via a susceptible version of DiskStation Manager (DSM) and Synology Router Manager (SRM).

No Synology products are affected by CVE-2019-3870, as the vulnerability only affects Samba 4.9.0 and later.

Affected Products

Product                  Severity      Fixed Release Availability
DSM 6.2                  Moderate      Ongoing
DSM 6.1                  Moderate      Will be fixed in DSM 6.2.
DSM 5.2                  Moderate      Will be fixed in DSM 6.2.
SkyNAS                   Moderate      Ongoing
VS960HD                  Moderate      Ongoing
SRM 1.2                  Moderate      Ongoing
Active Directory Server  Not affected  N/A

Mitigation

None

Detail

Reserved

Reference

Revision

Revision  Date        Description
1         2019-04-09  Initial public release.