Synology-SA-17:27 Nginx

Abstract

CVE-2017-7529 can allow remote attackers to leak sensitive information from the vulnerable server.

Severity

• Impact: Moderate
• CVSS3 Base Score: 5.5
• CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected

• Products
  • DSM 6.1
  • DSM 6.0
• Models
  • All Synology models

Description

A specially crafted request might result in an integer overflow and incorrect processing of ranges, potentially resulting in sensitive information leak.

Mitigation

1. Go to Control Panel > Applications > Terminal & SNMP and tick Enable SSH service
2. Log in to DSM via SSH as "admin" and execute the following command:
   sudo /bin/echo "max_ranges 1;" >> /usr/local/etc/nginx/conf.d/main.conf && sudo reload nginx
3. Remember to remove the mitigation with the following command after upgrading DSM:
   sudo /usr/bin/sed -i '/max_ranges 1;/d' /usr/local/etc/nginx/conf.d/main.conf

Update Availability

To fix the security issue, please update DSM 6.1 to 6.1.3-15152 or above and update DSM 6.0 to 6.0.3-8754-4 or above.

Reference

• http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
• http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-7529