Synology-SA-17:40 libsoup

2017-08-11 14:17:00

Severity
Important
Status
Ongoing

Abstract

CVE-2017-2885 allows man-in-the-middle attackers to cause denial-of-service attacks or execute arbitrary code on a vulnerable version of File Station.

Affected

  • Products
    • File Station before 1.1.1-0103
    • DSM 6.0
    • DSM 5.2
    • DSM 5.1
  • Models
    • All Synology models

Description

A stack-based buffer overflow flaw was discovered within the HTTP processing of libsoup. A remote attacker could exploit this flaw to cause a crash or, potentially, execute arbitrary code by sending a specially crafted HTTP request to a server using the libsoup HTTP server functionality or by tricking a user into connecting to a malicious HTTP server with an application using the libsoup HTTP client functionality.

Mitigation

None

Update Availability

To fix the security issue, please go to DSM > Package Center and update File Station to 1.1.1-0103 or above.
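A check for the fix condition stated above, as an added example that is not Synology's own tooling. It assumes the installed File Station version string is read from Package Center in the "x.y.z-NNNN" form the advisory uses, and compares it numerically against 1.1.1-0103, since a plain string comparison misorders versions such as 1.1.10 and 1.1.9.

```python
import re
from typing import Dict, Tuple

# Fixed File Station release named in Synology-SA-17:40.
FIXED_FILE_STATION = "1.1.1-0103"

# Synology package versions: dotted numeric part, dash, numeric build number.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)-(\d+)$")


def parse_synology_version(version: str) -> Tuple[Tuple[int, ...], int]:
    """Split '1.1.1-0103' into ((1, 1, 1), 103). Raises ValueError on bad input."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Synology package version: {version!r}")
    dotted = tuple(int(part) for part in m.group(1).split("."))
    return dotted, int(m.group(2))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b.

    Dotted components are compared as integers (so 1.1.10 > 1.1.9) and a
    shorter dotted part is padded with zeros; the build number breaks ties.
    """
    da, ba = parse_synology_version(a)
    db, bb = parse_synology_version(b)
    width = max(len(da), len(db))
    key_a = (da + (0,) * (width - len(da)), ba)
    key_b = (db + (0,) * (width - len(db)), bb)
    return (key_a > key_b) - (key_a < key_b)


def file_station_is_vulnerable(installed: str) -> bool:
    """True when the installed File Station predates the fixed release."""
    return compare_versions(installed, FIXED_FILE_STATION) < 0


def assess(installed: Dict[str, str]) -> Dict[str, str]:
    """Map hostname -> installed File Station version to an action per host."""
    return {host: ("update required" if file_station_is_vulnerable(v) else "fixed")
            for host, v in installed.items()}


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {"nas-a": "1.1.0-0101", "nas-b": "1.1.1-0103", "nas-c": "1.1.10-0001"}
    for host, action in assess(sample).items():
        print(f"{host}: {sample[host]} -> {action}")
```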

Reference