CNVD-2015-02262

Vulnerability from cnvd - Published: 2015-04-09
VLAI Severity ?
Title
Synology DiskStation Manager Multicast DNS (mDNS) responder拒绝服务漏洞
Description
Synology DiskStation Manager是第一个提供网络多任务处理用户接口的NAS操作系统。 Synology DiskStation Manager Multicast DNS (mDNS) responder存在安全漏洞,允许远程攻击者利用漏洞通过5353 UDP端口获取敏感信息或进行拒绝服务攻击。
Severity
Patch Name
Synology DiskStation Manager Multicast DNS (mDNS) responder拒绝服务漏洞的补丁
Patch Description
Synology DiskStation Manager是第一个提供网络多任务处理用户接口的NAS操作系统。Synology DiskStation Manager Multicast DNS (mDNS) responder存在安全漏洞,允许远程攻击者利用漏洞通过5353 UDP端口获取敏感信息或进行拒绝服务攻击。目前,厂商已经发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

Synology DiskStation Manager (DSM) 3.1修复该漏洞,建议用户下载更新: http://www.synology.com/dsm/index.php

Reference
http://www.kb.cert.org/vuls/id/550620
Impacted products
Name
Synology DiskStation Manager <=3.0
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-2809"
    }
  },
  "description": "Synology DiskStation Manager\u662f\u7b2c\u4e00\u4e2a\u63d0\u4f9b\u7f51\u7edc\u591a\u4efb\u52a1\u5904\u7406\u7528\u6237\u63a5\u53e3\u7684NAS\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nSynology DiskStation Manager Multicast DNS (mDNS) responder\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc75353 UDP\u7aef\u53e3\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "Chad Seaman",
  "formalWay": "Synology DiskStation Manager (DSM) 3.1\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.synology.com/dsm/index.php",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02262",
  "openTime": "2015-04-09",
  "patchDescription": "Synology DiskStation Manager\u662f\u7b2c\u4e00\u4e2a\u63d0\u4f9b\u7f51\u7edc\u591a\u4efb\u52a1\u5904\u7406\u7528\u6237\u63a5\u53e3\u7684NAS\u64cd\u4f5c\u7cfb\u7edf\u3002Synology DiskStation Manager Multicast DNS (mDNS) responder\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6f0f\u6d1e\u901a\u8fc75353 UDP\u7aef\u53e3\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u6216\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Synology DiskStation Manager Multicast DNS (mDNS) responder\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Synology DiskStation Manager \u003c=3.0"
  },
  "referenceLink": "http://www.kb.cert.org/vuls/id/550620",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-02",
  "title": "Synology DiskStation Manager Multicast DNS (mDNS) responder\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.