Synology has issued a series of fixes following the discovery of a vulnerability in its DiskStation Manager software.
The networking specialist confirmed that two security issues – identified as CVE-2013-6955 and CVE-2013-6987 – could compromise file access authority in DSM.
An updated DSM version resolving the issues has since been released, and Synology is urging all users to update to the latest version of the software.
DiskStation and RackStation products affected by the breaches may display the following symptoms:
- Exceptionally high CPU usage detected in Resource Monitor: CPU resource occupied by processes such as dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processes with PWNED in their names.
- Appearance of non-Synology folder: An automatically created shared folder with the name “startup”, or a non-Synology folder appearing under the path of “/root/PWNED”.
- Redirection of the Web Station: “Index.php” is redirected to an unexpected page.
- Appearance of non-Synology CGI program: Files with meaningless names exist under the path of “/usr/syno/synoman”.
- Appearance of non-Synology script file: Non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.d”.
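The symptoms above that name a concrete process or path can be checked from a shell on the NAS. The script below is an added example, not Synology code: the function name `check_dsm_indicators` and its two arguments are assumptions made for illustration. It covers only the listed process names, `/root/PWNED` and `S99p.sh`. The "startup" shared folder, the Index.php redirect and the meaningless CGI file names still need a manual look.

```shell
#!/bin/sh
# Added example (not Synology code). Checks a DSM filesystem root and a process
# listing for indicators named in the list above.
#   $1 = filesystem root to inspect (default /)
#   $2 = file holding a process listing (default: live `ps` output)
# Prints one "HIT:" line per indicator; returns 1 if any were found, else 0.
check_dsm_indicators() {
    root="${1:-/}"; root="${root%/}"
    if [ -n "${2:-}" ]; then plist=$(cat "$2"); else plist=$(ps 2>/dev/null); fi
    found=0

    # Process names from the list; anything containing PWNED also matches.
    # Command arguments can match too, so treat each hit as a lead to review.
    pat='(^|[/[:space:]])(dhcp\.pid|minerd|synodns)([[:space:]]|$)|PWNED'
    bad=$(printf '%s\n' "$plist" | grep -E "$pat" || true)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | while IFS= read -r line; do
            printf 'HIT: suspicious process: %s\n' "$line"
        done
        found=1
    fi

    # Non-Synology folder under /root.
    if [ -e "$root/root/PWNED" ]; then
        echo "HIT: $root/root/PWNED exists"; found=1
    fi

    # Non-Synology startup script named in the list.
    if [ -e "$root/usr/syno/etc/rc.d/S99p.sh" ]; then
        echo "HIT: $root/usr/syno/etc/rc.d/S99p.sh exists"; found=1
    fi

    return "$found"
}
# Live check on the NAS itself:  check_dsm_indicators /
```

Passing a mounted disk image as the first argument and a saved `ps` listing as the second lets the same check run offline against a copy of the system.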
“Synology has taken immediate actions to fix vulnerability at the point of identifying malicious attacks,” the company said in a statement concerning the news.
“As the proliferation of cybercrime and increasingly sophisticated malware evolves, Synology continues to devote resources to mitigate threats and is dedicated to providing the most reliable solutions for users.”