cvelistv5 - cve-2013-6955

cve-2013-6955

Vulnerability from cvelistv5

Published

2014-01-09 11:00

Modified

2024-08-06 17:53

Severity ?

Summary

References

▼	URL	Tags
	cret@cert.org	http://www.kb.cert.org/vuls/id/615910	US Government Resource

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:53:45.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#615910",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/615910"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-01-09T02:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "VU#615910",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/615910"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-6955",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#615910",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/615910"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2013-6955",
    "datePublished": "2014-01-09T11:00:00",
    "dateReserved": "2013-12-04T00:00:00",
    "dateUpdated": "2024-08-06T17:53:45.550Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6955\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2014-01-09T18:07:04.033\",\"lastModified\":\"2014-01-10T13:54:24.450\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.\"},{\"lang\":\"es\",\"value\":\"webman/imageSelector.cgi en Synology DiskStation Manager (DSM) 4.0 anteriores a 4.0-2259, 4.2 anteriores a 4.2-3243, y 4.3 anteriores 4.3-3810 Update permite a atacantes remotos a\u00f1adir informaci\u00f3n a archivos de forma arbitraria, y consecuentemente ejecutar c\u00f3digo de forma arbitraria, a trav\u00e9s de una ruta en el header HTTP  SLICEUPLOAD X-TMP-FILE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\",\"baseScore\":10.0},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:diskstation_manager:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2B8DA44-273C-43A2-BA00-FFAF582A8754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:diskstation_manager:4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13E94CC2-5D95-4C20-B625-CB939D278308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:diskstation_manager:4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5F9A27A-815E-4779-944F-C7F50F8EC2C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"37720E1C-CFFA-422C-A683-8E1077CC40B2\"}]}]}],\"references\":[{\"url\":\"http://www.kb.cert.org/vuls/id/615910\",\"source\":\"cret@cert.org\",\"tags\":[\"US Government Resource\"]}]}}"
  }
}

gsd-2013-6955

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-6955

Aliases

CVE-2013-6955

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6955",
    "description": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",
    "id": "GSD-2013-6955",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2013-6955"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6955"
      ],
      "details": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",
      "id": "GSD-2013-6955",
      "modified": "2023-12-13T01:22:19.492935Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2013-6955",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "VU#615910",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/615910"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2013-6955"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#615910",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/615910"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-01-10T13:54Z",
      "publishedDate": "2014-01-09T18:07Z"
    }
  }
}

webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. Synology Provided by DiskStation Manager Is HTTP There is a problem with request processing, and there is a vulnerability with poor access control. Attacks using this vulnerability have been observed. Also, the attack code using this vulnerability has been released.By a remote third party, root It may be additionally written to a file on the system with permission. As a result, arbitrary code may be executed. Synology DiskStation Manager is prone to a remote command-execution vulnerability. An attacker can exploit this issue to execute arbitrary commands with root privileges. Synology DiskStation Manager 4.x are vulnerable; other versions may also be affected. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. A security vulnerability exists in the webman/imageSelector.cgi file in Synology DSM 4.3-3776-3 and earlier versions.

http://www.synology.com/en-global/company/news/article/437

February 14, 2014\x97Synology\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly.

The followings are possible symptoms to appear on affected DiskStation and RackStation:

Exceptionally high CPU usage detected in Resource Monitor:
CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names
Appearance of non-Synology folder:
An automatically created shared folder with the name \x93startup\x94, or a non-Synology folder appearing under the path of \x93/root/PWNED\x94
Redirection of the Web Station:
\x93Index.php\x94 is redirected to an unexpected page
Appearance of non-Synology CGI program:
Files with meaningless names exist under the path of \x93/usr/syno/synoman\x94
Appearance of non-Synology script file:
Non-Synology script files, such as \x93S99p.sh\x94, appear under the path of \x93/usr/syno/etc/rc.d\x94

If users identify any of above situation, they are strongly encouraged to do the following:

For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. 
For DiskStation or RackStation running on DSM 4.0, it\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. 
For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download).

Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.) Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.) Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.) Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. ) Authentication Not required (Authentication is not required to exploit the vulnerability.) Gained Access None Vulnerability Type(s) Execute Code

This is also known as the /PWNED or /lolz hack

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0159",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.3-3810"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.3"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.0"
      },
      {
        "model": "diskstation manager",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "synology",
        "version": "4.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "synology",
        "version": null
      },
      {
        "model": "diskstation manager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "synology",
        "version": "version 4.3-3776-3"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:synology:diskstation_manager:4.3-3810:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Markus Wulftange",
    "sources": [
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-6955",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 10.0,
            "collateralDamagePotential": "LOW",
            "confidentialityImpact": "COMPLETE",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 2.0,
            "exploitability": "PROOF-OF-CONCEPT",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-6955",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "LOW",
            "trust": 0.8,
            "userInterationRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-6955",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-66957",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6955",
            "trust": 2.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-017",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66957",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header. Synology Provided by DiskStation Manager Is HTTP There is a problem with request processing, and there is a vulnerability with poor access control. Attacks using this vulnerability have been observed. Also, the attack code using this vulnerability has been released.By a remote third party, root It may be additionally written to a file on the system with permission. As a result, arbitrary code may be executed. Synology DiskStation Manager is prone to a remote command-execution vulnerability. \nAn attacker can exploit this issue to execute arbitrary commands with root privileges. \nSynology DiskStation Manager 4.x are vulnerable; other versions may also be affected. Synology DiskStation Manager (DSM) is an operating system developed by Synology for network storage servers (NAS). The operating system can manage data, documents, photos, music and other information. A security vulnerability exists in the webman/imageSelector.cgi file in Synology DSM 4.3-3776-3 and earlier versions. \n\nhttp://www.synology.com/en-global/company/news/article/437\n\nFebruary 14, 2014\\x97Synology\\xae confirmed known security issues (reported as CVE-2013-6955 and CVE-2013-6987) which would cause compromise to file access authority in DSM. An updated DSM version resolving these issues has been released accordingly. \n\nThe followings are possible symptoms to appear on affected DiskStation and RackStation:\n\n    Exceptionally high CPU usage detected in Resource Monitor:\n    CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names\n    Appearance of non-Synology folder:\n    An automatically created shared folder with the name \\x93startup\\x94, or a non-Synology folder appearing under the path of \\x93/root/PWNED\\x94\n    Redirection of the Web Station:\n    \\x93Index.php\\x94 is redirected to an unexpected page\n    Appearance of non-Synology CGI program:\n    Files with meaningless names exist under the path of \\x93/usr/syno/synoman\\x94\n    Appearance of non-Synology script file:\n    Non-Synology script files, such as \\x93S99p.sh\\x94, appear under the path of \\x93/usr/syno/etc/rc.d\\x94\n\nIf users identify any of above situation, they are strongly encouraged to do the following:\n\n    For DiskStation or RackStation running on DSM 4.3, please follow the instruction here (http://www.synology.com/en-global/support/faq/348) to REINSTALL DSM 4.3-3827. \n    For DiskStation or RackStation running on DSM 4.0, it\\x92s recommended to REINSTALL DSM 4.0-2259 or onward from Synology Download Center. \n    For DiskStation or RackStation running on DSM 4.1 or DSM 4.2, it\\x92s recommended to REINSTALL DSM 4.2-3243 or onward from Synology Download Center (http://www.synology.com/en-global/support/download). \n\nConfidentiality Impact \tComplete (There is total information disclosure, resulting in all system files being revealed.)\nIntegrity Impact \tComplete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)\nAvailability Impact \tComplete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)\nAccess Complexity \tLow (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )\nAuthentication \tNot required (Authentication is not required to exploit the vulnerability.)\nGained Access \tNone\nVulnerability Type(s) \tExecute Code\n\nThis is also known as the /PWNED or /lolz hack",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      }
    ],
    "trust": 2.79
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-66957",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6955",
        "trust": 3.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#615910",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "64516",
        "trust": 1.0
      },
      {
        "db": "JVN",
        "id": "JVNVU95919136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "125864",
        "trust": 0.2
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-83853",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "30470",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "124568",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "id": "VAR-201401-0159",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:08:54.019000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DiskStation Manager",
        "trust": 0.8,
        "url": "http://www.synology.com/ja-jp/dsm/index"
      },
      {
        "title": "\u30c0\u30a6\u30f3\u30ed\u30fc\u30c9\u30bb\u30f3\u30bf\u30fc",
        "trust": 0.8,
        "url": "http://www.synology.com/ja-jp/support/download"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://www.kb.cert.org/vuls/id/615910"
      },
      {
        "trust": 0.8,
        "url": "http://www.synology.com/en-us/dsm/index"
      },
      {
        "trust": 0.8,
        "url": "http://www.synology.com/en-us/support/download "
      },
      {
        "trust": 0.8,
        "url": "http://www.npa.go.jp/cyberpolice/detect/pdf/20140305.pdf"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6955"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/cert/jvnvu95919136"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6955"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/64516"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/company/news/article/437"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/support/faq/348)"
      },
      {
        "trust": 0.1,
        "url": "http://www.synology.com/en-global/support/download)."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6987"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6955"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "db": "BID",
        "id": "64516"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "date": "2013-12-25T00:00:00",
        "db": "BID",
        "id": "64516"
      },
      {
        "date": "2014-01-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "date": "2014-03-25T23:12:57",
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "date": "2014-01-09T18:07:04.033000",
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "date": "2013-12-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-07T00:00:00",
        "db": "CERT/CC",
        "id": "VU#615910"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66957"
      },
      {
        "date": "2014-01-09T00:40:00",
        "db": "BID",
        "id": "64516"
      },
      {
        "date": "2014-03-07T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001004"
      },
      {
        "date": "2014-01-10T13:54:24.450000",
        "db": "NVD",
        "id": "CVE-2013-6955"
      },
      {
        "date": "2014-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "125864"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Synology DiskStation Manager arbitrary file modification",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#615910"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-017"
      }
    ],
    "trust": 0.6
  }
}

ghsa-cf8x-55vw-78gp

Vulnerability from github

Published

2022-05-17 04:54

Modified

2022-05-17 04:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6955"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-09T18:07:00Z",
    "severity": "HIGH"
  },
  "details": "webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, and consequently execute arbitrary code, via a pathname in the SLICEUPLOAD X-TMP-FILE HTTP header.",
  "id": "GHSA-cf8x-55vw-78gp",
  "modified": "2022-05-17T04:54:58Z",
  "published": "2022-05-17T04:54:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6955"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/615910"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-6955

Vulnerability from cvelistv5

gsd-2013-6955

Vulnerability from gsd

var-201401-0159

Vulnerability from variot

ghsa-cf8x-55vw-78gp

Vulnerability from github

Tags

Sightings

Nomenclature