Important Information about Bash Vulnerability "ShellShock" (CVE-2014-6271 and CVE-2014-7169)

Publish Time: 2014-09-26 00:00:00 UTC+8

Last Updated: UTC+8

Status
Resolved

Description

A vulnerability in Bash, a commonly used UNIX command shell, has been discovered that allows unauthorized users to remotely gain control of vulnerable UNIX-like systems. A thorough investigation by Synology shows that the majority of Synology NAS servers will not be affected. The Synology NAS operating system, DiskStation Manager (DSM), is safe by design in its default configuration. The Bash command shell built into DSM is reserved for system service use only (HA Manager) and is not available to public users.

Affected Models

Synology has released critical updates to address this vulnerability. The models to which the updates apply vary between DSM versions because of differences in implementation. We have confirmed that models not listed below are unaffected by this Bash vulnerability.

DSM 5.1 4977-1

  • 14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+, RS3614xs, RS3614RPxs
  • 13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+
  • 12-series: DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+
  • 11-series: DS3611xs, RS3411xs, RS3411RPxs

DSM 5.0 4519-1

  • 15-series: DS415+

DSM 5.0 4493-7

  • 14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+, RS3614xs, RS3614RPxs
  • 13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+
  • 12-series: DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+
  • 11-series: DS3611xs, RS3411xs, RS3411RPxs

DSM 4.3 3827-8

  • 14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+
  • 13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+
  • 12-series: DS712+, DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+
  • 11-series: DS3611xs, RS3411xs, RS3411RPxs, DS2411+, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+
  • 10-series: DS1010+, RS810+, RS810RP+, DS710+

Resolution

If your Synology NAS server is one of the above models and an update is available, please go to DSM > Control Panel > Update & Restore > DSM Update (DSM > Control Panel > DSM Update if your Synology NAS is running DSM 4.3) and install the latest updates to protect your NAS from malicious attacks.