Synology finally patches OpenSSL bugs in Trevor's NAS
By Trevor Pott, 25 Jul 2014
Sysadmin blog
Synology quietly released version 4.2-3250 of its DiskStation Manager (DSM) operating system this month. The release squashes critical security bugs in version 4.2 of DSM – bugs that were fixed in version 5.0 in June, so consider this a backport.
Version 4.2 is old but still in use in various models, such as the DS109. The update got me thinking about the security of NASes and similar devices on our networks.
New build 3250 addresses a kernel-level security issue as well as the six OpenSSL bugs found and fixed in early June.
The kernel issue (CVE-2014-0196) allows an attacker who has gained remote access to a system to trigger a denial-of-service and escalate privileges. The Include Security blog has a truly excellent walkthrough on exploiting this security hole.
How long is too long to wait for a security fix?