Publish Time: 2017-06-01 00:00:00 UTC+8
Last Updated: 2021-04-12 15:32:58 UTC+8
CVE-2017-1000367 allows local authenticated users who are permitted to execute commands via sudo to overwrite arbitrary files and obtain full root privileges.
This vulnerability has a low impact on DSM because, by default, only authenticated users in the sudoers list are able to switch to root in DSM.
- Impact: Low
- DSM 6.1
- DSM 6.0
- All Synology models
A vulnerability was found in ttyname.c in sudo versions 1.8.6p7 through 1.8.20: tty information is incorrectly parsed from the process status file, which allows local users configured in sudoers to overwrite arbitrary files via a crafted symlink and a race condition.
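The parsing weakness described above can be illustrated with an added example; this is not sudo's or Synology's code. It assumes the Linux `/proc/[pid]/stat` layout, in which the command name is the second field, wrapped in parentheses, and the controlling tty number is the seventh. The sample lines are constructed and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed /proc/[pid]/stat samples (not captured from a real system). */
static const char STAT_PLAIN[]  = "1234 (sudo) S 1200 1234 1200 34816 1234 4194304";
static const char STAT_SPACED[] = "1234 (my prog) S 1200 1234 1200 34816 1234 4194304";

/* Return the n-th (1-based) space-separated field as a long, or -1. */
static long nth_field(const char *s, int n)
{
    for (int i = 1; i < n; i++) {
        s = strchr(s, ' ');
        if (s == NULL)
            return -1;
        s++;
    }
    char *end;
    long v = strtol(s, &end, 10);
    return (end == s) ? -1 : v;
}

/* Fragile: treats the whole line as space-separated, so a space inside
 * the command name (field 2) shifts every later field by one. */
long tty_nr_naive(const char *stat_line)
{
    return nth_field(stat_line, 7);
}

/* Robust: the command name may contain spaces and ')' characters, so
 * anchor on the LAST ')' and count from there. After ") " come
 * state, ppid, pgrp, session, tty_nr: tty_nr is the 5th. */
long tty_nr_robust(const char *stat_line)
{
    const char *p = strrchr(stat_line, ')');
    if (p == NULL || p[1] != ' ')
        return -1;
    return nth_field(p + 2, 5);
}

int main(void)
{
    printf("plain:  naive=%ld robust=%ld\n", tty_nr_naive(STAT_PLAIN), tty_nr_robust(STAT_PLAIN));
    printf("spaced: naive=%ld robust=%ld\n", tty_nr_naive(STAT_SPACED), tty_nr_robust(STAT_SPACED));
    return 0;
}
```

With the second sample the naive parser returns the session ID (1200) instead of the tty number (34816), which is the kind of misread that makes a privileged program act on the wrong terminal device.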
To fix the security issue, please update DSM 6.2 to 6.2-22259 or above.