26.9.2014 Important Information about Bash Vulnerability "ShellShock" (CVE-2014-6271 and CVE-2014-7169)
Description
A vulnerability in Bash, a commonly used UNIX command shell, has been discovered that allows unauthorized users to remotely gain control of vulnerable UNIX-like systems. A thorough investigation by Synology shows that the majority of Synology NAS servers are not affected. The design of the Synology NAS operating system, DiskStation Manager (DSM), is safe by default. The Bash command shell built into DSM is reserved for system service use (HA Manager) only and is not available to public users. As a preventive measure, Synology is working on patches that address this Bash vulnerability and will provide them as soon as possible.
Affected Models
Synology will release the corresponding update to address this weakness for the following models. We have confirmed that models not on this list are not affected by this Bash vulnerability.
15-series: DS415+
14-series: RS3614xs+, RS2414+, RS2414RP+, RS814+, RS814RP+, RS3614xs, RS3614RPxs
13-series: DS2413+, DS713+, RS10613xs+, RS3413xs+, DS1813+, DS1513+
12-series: DS712+, DS1512+, DS1812+, DS3612xs, RS3412xs, RS3412RPxs, DS412+, RS812+, RS812RP+, RS2212+, RS2212RP+
11-series: DS3611xs, RS3411xs, RS3411RPxs, DS2411+, RS2211+, RS2211RP+, DS1511+, DS411+II, DS411+
10-series: DS1010+, RS810+, RS810RP+, DS710+
Resolution
Which models are affected varies across DSM versions because of differences in implementation. We encourage you to update your Synology NAS server to the latest version.
If your Synology NAS server is one of the above models and an update is available, please go to DSM > Control Panel > Update & Restore > DSM Update and install the latest updates to protect your DiskStation from malicious attacks.