Lucene search

CertccCVE-2015-2851

HistoryMay 30, 2015 - 7:59 p.m.

CVE-2015-2851

2015-05-3019:59:03

CWE-264

certcc

web.nvd.nist.gov

synology cloud station

cve-2015-2851

security vulnerability

local users

root access

os x

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

0.4%

JSON

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

Affected configurations

Nvd

Node

synologycloud_stationMatch1.1-2291

synologycloud_stationMatch2.0-2291

synologycloud_stationMatch2.0-2402

synologycloud_stationMatch2.1-2561

synologycloud_stationMatch2.1-2570

synologycloud_stationMatch2.1-2577

synologycloud_stationMatch3.0-3005

synologycloud_stationMatch3.0-3103

synologycloud_stationMatch3.0-3108

synologycloud_stationMatch3.0-3109

synologycloud_stationMatch3.0-3111

synologycloud_stationMatch3.1-3317

synologycloud_stationMatch3.1-3320

AND

applemac_os_x

VendorProductVersionCPE
synologycloud_station1.1-2291cpe:2.3:a:synology:cloud_station:1.1-2291:*:*:*:*:*:*:*
synologycloud_station2.0-2291cpe:2.3:a:synology:cloud_station:2.0-2291:*:*:*:*:*:*:*
synologycloud_station2.0-2402cpe:2.3:a:synology:cloud_station:2.0-2402:*:*:*:*:*:*:*
synologycloud_station2.1-2561cpe:2.3:a:synology:cloud_station:2.1-2561:*:*:*:*:*:*:*
synologycloud_station2.1-2570cpe:2.3:a:synology:cloud_station:2.1-2570:*:*:*:*:*:*:*
synologycloud_station2.1-2577cpe:2.3:a:synology:cloud_station:2.1-2577:*:*:*:*:*:*:*
synologycloud_station3.0-3005cpe:2.3:a:synology:cloud_station:3.0-3005:*:*:*:*:*:*:*
synologycloud_station3.0-3103cpe:2.3:a:synology:cloud_station:3.0-3103:*:*:*:*:*:*:*
synologycloud_station3.0-3108cpe:2.3:a:synology:cloud_station:3.0-3108:*:*:*:*:*:*:*
synologycloud_station3.0-3109cpe:2.3:a:synology:cloud_station:3.0-3109:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
synology	cloud_station	1.1-2291	cpe:2.3:a:synology:cloud_station:1.1-2291:::::::*
synology	cloud_station	2.0-2291	cpe:2.3:a:synology:cloud_station:2.0-2291:::::::*
synology	cloud_station	2.0-2402	cpe:2.3:a:synology:cloud_station:2.0-2402:::::::*
synology	cloud_station	2.1-2561	cpe:2.3:a:synology:cloud_station:2.1-2561:::::::*
synology	cloud_station	2.1-2570	cpe:2.3:a:synology:cloud_station:2.1-2570:::::::*
synology	cloud_station	2.1-2577	cpe:2.3:a:synology:cloud_station:2.1-2577:::::::*
synology	cloud_station	3.0-3005	cpe:2.3:a:synology:cloud_station:3.0-3005:::::::*
synology	cloud_station	3.0-3103	cpe:2.3:a:synology:cloud_station:3.0-3103:::::::*
synology	cloud_station	3.0-3108	cpe:2.3:a:synology:cloud_station:3.0-3108:::::::*
synology	cloud_station	3.0-3109	cpe:2.3:a:synology:cloud_station:3.0-3109:::::::*

Rows per page:

1-10 of 141

References

www.kb.cert.org/vuls/id/551972

www.kb.cert.org/vuls/id/BLUU-9VBU45

www.securityfocus.com/bid/74826

CVSS2

6.8

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:C/I:C/A:C

AI Score

6.6

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2015-2851