Resilio Sync for Synology Fixed admin password vulnerability (CVE-2017-7270)

28 March 2017

Resilio (formerly BitTorrent Sync) delivers powerful solutions using their unique private cloud software built on core bittorrent technology. For well over 15 years, BitTorrent has been the leading technology to deliver large files over the Internet. BitTorrent Sync was the world’s first product to harness this powerful protocol for commercial purposes and Resilio expands on this mission.

For a wide array of applications such as large file collaboration, file sync, folder sync, automated backup, and sending large files faster and more securely, Resilio offers the industry-leading and fastest private cloud solution, trusted by millions of consumers and thousands of businesses worldwide.

The Resilio Sync client for Synology NAS suffers a vulnerability that allows remote users to connect to the NAS with admin privileges.

The vulnerability occurs because, during installation of the package, the installation script adds a user with administrator privileges and a fixed password. The offending lines are the following:

synouser --add x " user" 0 "" ""
synogroup --member administrators > /dev/null 2>&1

The vulnerability has been confirmed to be present in version 2.4.4; other versions may be affected. The assigned CVE is CVE-2017-7270.

The vendor was notified and the vulnerability patched in version 2.5.5.

Vulnerable servers that expose their interfaces to the Internet may be remotely accessed with admin privileges using the user rslsync with password 'x'.
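The following is an added audit example written for this post; it is not part of the advisory or of Resilio's package. It checks /etc/group-style data for the hardcoded rslsync account sitting in the administrators group (the sample group lines are constructed) and shows how an install script can generate a per-install random password instead of the fixed 'x'. The Synology commands synouser and synogroup mentioned in comments are assumed to exist only on the NAS itself.

```sh
#!/bin/sh
# Audit helper for CVE-2017-7270 (added example, not the vendor's code).

# Constructed sample of a Synology /etc/group after the vulnerable install:
# the package has added rslsync to the administrators group.
SAMPLE_GROUP='administrators:x:101:admin,rslsync
users:x:100:admin,rslsync,guest'

# is_member GROUPFILE_CONTENT GROUP USER -> exit 0 if USER is listed in GROUP
is_member() {
    printf '%s\n' "$1" | awk -F: -v g="$2" -v u="$3" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit found ? 0 : 1 }'
}

# random_password LEN -> LEN characters from [A-Za-z0-9], drawn from /dev/urandom.
# This is what the install script should have used in place of the literal "x",
# e.g. (on the NAS, assumed syntax):  synouser --add rslsync "$(random_password 24)" ...
random_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "${1:-24}"
}

# audit_nas GROUPFILE_CONTENT -> exit 1 and print a finding if rslsync is an
# administrator, exit 0 otherwise. On a NAS call it as: audit_nas "$(cat /etc/group)"
audit_nas() {
    if is_member "$1" administrators rslsync; then
        echo "FINDING: rslsync is in administrators; remove it from the group and rotate its password"
        return 1
    fi
    echo "OK: rslsync is not an administrator"
    return 0
}
```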

We are proud to announce this vulnerability as the first public vulnerability discovered by the new jtsec staff!

Javier Tallón/Technical Director

Expert consultant on the Common Criteria standard and other security assurance standards in the field of information technology (FIPS 140-2, ITSEC, ISO 27K1, SOC 2, ENS...). Javier has served as an evaluator in the Spanish CB for the country's major evaluation labs. As a consultant, he has successfully accompanied national and international companies through several certification processes (up to EAL5+). His experience has led him to participate as a speaker at several conferences on computer security and certification (SuperSec, Cybercamp, Navaja Negra, International Common Criteria Conference, International Cryptographic Module Conference, EUCyberact Conference). He is also a cyber security lecturer, teaching Secure Software Engineering at the University of Granada, and is CISSP (Certified Information Systems Security Professional) and OSCP/OSCE (Offensive Security Certified Professional & Certified Expert) certified.

In 2015 he began to lay the foundations of what would become jtsec. He currently works as Technical Director of the evaluation lab and Chief Operations Officer (COO) of the Granada site, from where the company develops most of its work. A recognized expert in various disciplines of cybersecurity (reversing, exploiting, web, ...), he assumes the technical direction of most of the projects, directing and organizing the work of the team. He also leads the Research and Development area, encouraging the participation of the jtsec team in multiple congresses.

