Synology-SA-17:34 Photo Station

Publish Time: 2017-08-08 00:00:00 UTC+8

Last Updated: 2017-08-08 10:10:00 UTC+8

Severity
Critical
Status
Resolved

Abstract

Several vulnerabilities have been found in Photo Station:

CVE-2017-11151 allows remote attackers to upload arbitrary files to the specified directories.
CVE-2017-11152 allows remote attackers to log in with a fake authentication mechanism.
CVE-2017-11153 allows remote attackers to log in to Photo Station with any identities.
CVE-2017-11154 allows remote authenticated attackers with administrator privileges in Photo Station to execute arbitrary codes on the vulnerable NAS.
CVE-2017-11155 allows remote attackers to identify whether Photo Station is vulnerable or not.

Severity

  • CVE-2017-11151
    • Moderate
    • CVSSv3 Base Score: 6.5
  • CVE-2017-11152
    • Moderate
    • CVSSv3 Base Score: 6.5
  • CVE-2017-11153
    • Important
    • CVSSv3 Base Score: 7.5
  • CVE-2017-11154
    • Moderate
    • CVSSv3 Base Score: 6.5
  • CVE-2017-11155
    • Moderate
    • CVSSv3 Base Score: 5.3

Affected

  • Products
    • Photo Station before 6.7.3-3432 and 6.3-2967
  • Models
    • All Synology models

Description

  • CVE-2017-11151
    A vulnerability in synotheme_upload.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to upload arbitrary files without authentication via the logo_upload action.
  • CVE-2017-11152
    Directory traversal vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to write arbitrary files via the path parameter.
  • CVE-2017-11153
    Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to gain administrator privileges via a crafted serialized payload.
  • CVE-2017-11154
    Unrestricted file upload vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to create arbitrary PHP scripts via the type parameter.
  • CVE-2017-11155
    An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors.

Mitigation

None

Update Availability

To fix the security issues, please go to DSM > Package Center, and update Photo Station to 6.7.3-3432 (6.3-2967 for DSM 5.2 users) or above.