Synology-SA-17:36 SMBLoris

Publish Time: 2017-08-04 00:00:00 UTC+8

Last Updated: 2017-08-04 17:20:00 UTC+8

Severity: Important

Status: Will not fix

Abstract

SMBLoris allows remote attackers to cause a DoS attack on the vulnerable NAS.

Severity

Impact: Important
CVSS3 Base Score: 8.2
CVSS3 Base Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Affected

Products
- All DSM versions
- All SRM versions
Models
- All Synology models

Description

SMBLoris is a remote and uncredentialed denial of service attack against Microsoft® Windows® operating systems, caused by a 20+ year old vulnerability in the Server Message Block (SMB) network protocol implementation.

Mitigation

For an immediate workaround, please contact us at security@synology.com.

Update Availability

Not available yet.

Reference

https://smbloris.com/