CVE-2015-2851

Name of the Vulnerable Software and Affected Versions Synology Cloud Station versions 1.1-2291 through 3.1-3320

Description The issue allows local users to change the ownership of arbitrary files and consequently obtain root access by specifying a filename. This is related to the client chown functionality in the sync client.

Recommendations For versions 1.1-2291 through 3.1-3320, consider restricting access to the client chown function to prevent unauthorized changes to file ownership until a fix is available.