Synology-SA-17:15 Linux kernel

Publish Time: 2017-05-08 00:00:00 UTC+8

Last Updated: 2017-05-08 23:00:00 UTC+8

Severity
Moderate
Status
Resolved

Abstract

CVE-2017-7184 is a heap overflow vulnerability that local users in DDSM may exploit to escalate privileges or escape from DDSM.

Affected

  • Products
    • DDSM
  • Models
    • FS3017, FS2017, RS4017xs+, RS18017xs+, RS3617xs+, RS3617xs, RS3617RPxs, DS3617xs, DS1817+, DS1517+, RS18016xs+, RS2416+, RS2416RP+, DS916+, DS716+II, DS716+, DS216+II, DS216+, RC18015xs+, DS3615xs, DS2415+, DS1815+, DS1515+, RS815+, RS815RP+, DS415+, RS3614xs+, RS3614xs, RS3614RPxs, RS2414+, RS2414RP+, RS814+, RS814RP+, DS2413+, RS10613xs+, RS3413xs+, DS1813+, DS1513+, DS713+, DS3612xs, RS3412xs, RS3412RPxs, RS2212+, RS2212RP+, DS1812+, DS1512+, RS812+, RS812RP+, DS412+, DS712+, DS3611xs, DS2411+, RS3411xs, RS3411RPxs, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+, DS1010+, RS810+, RS810RP+, DS710+

Description

The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel through 4.10.6 does not validate certain size data after an XFRM_MSG_NEWAE update, which allows local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability, as demonstrated during a Pwn2Own competition at CanSecWest 2017 for the Ubuntu 16.10 linux-image-* package 4.8.0.41.52.
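
The missing size validation described above can be illustrated with a simplified user-space model. This is an added example, not Synology's or the kernel's own code. The field names follow the kernel's struct xfrm_replay_state_esn, the function names verify_len_weak and verify_len_hardened are hypothetical, the hardened checks are modelled on the upstream kernel fix, and the sample values are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* User-space model of the header of the kernel's struct
 * xfrm_replay_state_esn; the bmp_len 32-bit bitmap words follow it. */
struct replay_esn {
    uint32_t bmp_len;       /* bitmap length in 32-bit words */
    uint32_t oseq, seq, oseq_hi, seq_hi;
    uint32_t replay_window; /* replay window size in bits */
};

/* Bytes occupied by a state: header plus bitmap. */
static size_t esn_len(const struct replay_esn *e)
{
    return sizeof(*e) + (size_t)e->bmp_len * sizeof(uint32_t);
}

/* Length-only check: replay_window is never compared with the bitmap. */
int verify_len_weak(const struct replay_esn *cur,
                    const struct replay_esn *up, size_t attr_len)
{
    size_t ulen = esn_len(up);
    return (attr_len < ulen || esn_len(cur) != ulen) ? -EINVAL : 0;
}

/* Hardened check: same bmp_len, and the window must fit in the bitmap. */
int verify_len_hardened(const struct replay_esn *cur,
                        const struct replay_esn *up, size_t attr_len)
{
    size_t ulen = esn_len(up);
    if (attr_len < ulen || esn_len(cur) != ulen || cur->bmp_len != up->bmp_len)
        return -EINVAL;
    if (up->replay_window > (uint64_t)up->bmp_len * sizeof(uint32_t) * 8)
        return -EINVAL;
    return 0;
}

int main(void)
{
    /* Constructed sample: installed state with a one-word (32-bit) bitmap,
     * and an update of the same size that declares a 4096-bit window. */
    struct replay_esn cur = { .bmp_len = 1, .replay_window = 32 };
    struct replay_esn up  = { .bmp_len = 1, .replay_window = 4096 };
    printf("weak=%d hardened=%d\n",
           verify_len_weak(&cur, &up, esn_len(&up)),
           verify_len_hardened(&cur, &up, esn_len(&up)));
    return 0;
}
```

The length-only check accepts the inconsistent update because the total size matches the installed state; the hardened check rejects it because the declared window exceeds the 32 bits the bitmap can hold.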

Mitigation

None

Update Availability

Synology will release a DSM 6.1 update (6.1.1-15101-02) to address this issue in the next few weeks.

References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7184
https://blog.trendmicro.com/results-pwn2own-2017-day-one/
https://zhuanlan.zhihu.com/p/26674557?group_id=842807830561034240