Synology-SA-17:46 DNS Server

2017-08-23 18:12:51

Severity
Low
Status
Resolved

Abstract

CVE-2017-12074 allows remote authenticated users to write arbitrary files via vulnerable version of DNS Server.

Severity

Affected

  • Products
    • DNS Server before 2.2.1-3042

Description

Directory traversal vulnerability in the SYNO.DNSServer.Zone.MasterZoneConf in Synology DNS Server before 2.2.1-3042 allows remote authenticated attackers to write arbitrary files via the domain_name parameter.

Mitigation

None

Update Availability

To fix the security issue, please go to DSM > Package Center and update DNS Server to 2.2.1-3042 or above.