Synology-SA-17:52 BlueBorne

Publish Time: 2017-09-13 20:05:44 UTC+8

Last Updated: 2017-11-30 17:37:59 UTC+8

Severity: Important

Status: Resolved

Abstract

BlueBorne is an attack vector by which hackers can leverage Bluetooth connections to penetrate and take complete control over targeted devices. The following two CVEs affect Synology DiskStation Manager (DSM).

  • CVE-2017-1000250 allows remote attackers to obtain sensitive information via a crafted SDP Bluetooth packet on a vulnerable version of Synology DiskStation Manager (DSM).

  • CVE-2017-1000251 allows remote attackers to cause a denial of service or execute arbitrary code via a crafted L2CAP configuration response on a vulnerable version of Synology DiskStation Manager (DSM).

Affected

  • Products
    • DSM 6.1
    • DSM 6.0
    • DSM 5.2
  • Models
    • FS & XS Series
      • 17-Series
        • FS2017, RS4017xs+, RS3617xs+, RS3617xs, RS3617RPxs, RS18017xs+, DS3617xs
      • 16-Series
        • RS18016xs+
      • 15-Series
        • DS3615xs, DS2015xs
      • 14-Series
        • RS3614xs, RS3614RPxs
      • 13-Series
        • RS3413xs+, RS10613xs+
      • 12-Series
        • RS3412xs, RS3412RPxs
      • 11-Series
        • RS3411xs, RS3411RPxs
    • Plus Series
      • 17-Series
        • DS1817+, DS1517+
      • 16-Series
        • RS2416+, DS916+, DS716+II, DS716+, DS216+II, DS216+
      • 15-Series
        • DS2415+, DS1815+, DS1515+, RS815RP+, RS815+, DS415+, DS215+
      • 14-Series
        • RS2414RP+, RS2414+, RS814RP+, RS814+
      • 13-Series
        • RS3413xs+, RS10613xs+, DS1813+, DS1513+, DS713+
      • 12-Series
        • RS2212RP+, RS2212+, DS1812+, DS1512+, RS812RP+, RS812+, DS412+, DS712+, DS212+, DS112+
      • 11-Series
        • DS2411+, RS2211RP+, RS2211+, DS1511+, DS411+II, DS411+, DS211+, RS810RP+, RS810+, DS710+, DS210+, DS110+
    • Value Series
      • 17-Series
        • DS1817, DS1517, RS217
      • 16-Series
        • RS816, DS416slim, DS416play, DS416, DS216play, DS216, DS116
      • 15-Series
        • DS1515, DS415play, DS715
      • 14-Series
        • RS214, DS214play
      • 13-Series
        • DS213air, DS213
      • 12-Series
        • RS812, RS212, DS212, DS112
      • 11-Series
        • RS411, DS411, DS211, DS111, DS410
    • J Series
      • 16-Series
        • DS416j, DS216j
      • 13-Series
        • DS413j
      • 11-Series
        • DS411slim

Description

  • CVE-2017-1000250
    All versions of the SDP server in BlueZ 5.46 and earlier are vulnerable to an information disclosure vulnerability which allows remote attackers to obtain sensitive information from the bluetoothd process memory. This vulnerability lies in the processing of SDP search attribute requests.
  • CVE-2017-1000251
    The native Bluetooth stack in the Linux kernel (BlueZ), starting at Linux kernel version 3.3-rc1 and up to and including 4.13.1, is vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space.

Mitigation

None

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.3-15152-5 or above, update DSM 6.0 to 6.0.3-8754-6 or above, and update DSM 5.2 to 5.2-5967-5 or above.
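
With no mitigation available, the practical task is finding which units still run a release below the fixed ones listed above. The following check is an added example, not Synology code: it classifies DSM version strings written in this advisory's notation and assumes that build numbers only increase within a branch. The function names and the sample inventory are hypothetical.

```python
import re

# Fixed releases from "Update Availability": branch -> (build, update).
FIXED = {(6, 1): (15152, 5), (6, 0): (8754, 6), (5, 2): (5967, 5)}

# Matches the advisory's notation, e.g. "6.1.3-15152-5" or "5.2-5967".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.\d+)?-(\d+)(?:-(\d+))?$")


def parse_dsm_version(text):
    """Return ((major, minor), (build, update)) or raise ValueError."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised DSM version: {text!r}")
    major, minor, build, update = m.groups()
    # No update suffix means the base build, treated here as update 0.
    return (int(major), int(minor)), (int(build), int(update or 0))


def blueborne_status(version):
    """Classify one DSM version string against Synology-SA-17:52."""
    try:
        branch, installed = parse_dsm_version(version)
    except ValueError:
        return "unknown"
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not-listed"  # branch is not named in this advisory
    # Assumption: within a branch, a higher (build, update) is a later release.
    return "fixed" if installed >= fixed else "vulnerable"


def audit(inventory):
    """Map hostname -> status for a dict of hostname -> DSM version."""
    return {host: blueborne_status(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "nas-a": "6.1.3-15152-4",
        "nas-b": "6.1.3-15152-5",
        "nas-c": "5.2-5967",
        "nas-d": "6.0.3-8754-6",
    }
    for host, status in sorted(audit(sample).items()):
        print(f"{host}: {status}")
```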
