Home / Software & Gaming / Security / Synology update fixes DSM vulnerabilities

Synology update fixes DSM vulnerabilities

Synology's NAS devices have usually reviewed quite well here at Kitguru, which is why it was a real shame that a few days ago to learn that its Diskstation Manager software had some major security vulnerabilities that had yet to be fixed. Fortunately now a patch has been released and it's recommending everyone to download it as soon as possible.

dsm
Since DSM now integrates with personal smartphones, it's more important than ever that it's secure

The flaws that were of most concern allowed hackers to potentially compromise a user's files within the DSM software. Those holes have now been filled, but they're not the only ones. If you've had any of the following issues, take note:

  • Very high CPU usage – CPU being bottlenecked by dhcp.pid, minerd, synodns, PWNED, PWNEDb, PWNEDg, PWNEDm, or any processed with PWNED in the name.
  • Non-Synology folder creation – the seemingly random creation of a “startup,” shared file.
  • Redirection – the DSM index page was redirecting to a non-Synology page.
  • Random file creation – Files with odd names appearing under the path “/usd/syno/synoman”.
  • Non-Synology script creation – Non-Synology script files, such as “S99p.sh”, appear under the path of “/usr/syno/etc/rc.

To fix any of these issues, Synology is recommending you reinstall the latest version of DSM which you can download from its Download Centre. If you haven't seen these bugs, Synology is still recommending you head to the update page and make sure your software is up to date.

KitGuru Says: It's always crap when nasty vulnerabilities are discovered in your software, but at least Synology is letting customers know and helping them protect themselves instead of just sweeping it under the rug.

Become a Patron!

Check Also

Game Freak confirms data breach following massive Pokémon leak

Following a massive number of Pokémon leaks, including source code, Game Freak has confirmed a data breach. The leak includes Game Freak employee information.