CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:C/I:C/A:C
EPSS
Percentile
0.4%
The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files.
CWE-276: Incorrect Default Permissions - CVE-2015-2851
The Synology Cloud Station sync client for OS X contains an executable named client_chown
that allows users to change the ownership of files. However, by default, it is installed as a setuid root executable. This allows any user the ability to change ownership of arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host.
Versions of Synology Cloud Station sync client from 1.1-2291 up to 3.1-3320 are vulnerable.
A local standard OS X user may gain ownership over arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host.
Update the client
Synology has released version 3.2-3475, which addresses this issue. According to Synology, “We have removed client_chown
in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown
tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown
was able to change the ownership of certain system files that belong to Cloud Station client.”
Affected users are encouraged to update to version 3.2-3475 or later as soon as possible.
551972
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Notified: April 06, 2015 Updated: May 26, 2015
Statement Date: April 08, 2015
Affected
We have removed client_chown
in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown
tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown
was able to change the ownership of certain system files that belong to Cloud Station client.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 6.8 | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Temporal | 5.3 | E:POC/RL:OF/RC:C |
Environmental | 1.3 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND |
Thanks to Jeremy Kemp for reporting this vulnerability to us.
This document was written by Garret Wassermann.
CVE IDs: | CVE-2015-2851 |
---|---|
Date Public: | 2015-05-26 Date First Published: |