PT-2015-5936 · Synology · Cloud Station
Jeremy Kemp · Published 2015-05-30 · Updated 2016-12-03 · CVE-2015-2851
CVSS v2.0: 6.8 (Medium)
Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Synology Cloud Station versions 1.1-2291 through 3.1-3320
Description
The issue allows local users to change the ownership of arbitrary files and consequently obtain root access by specifying a filename. This is related to the client chown functionality in the sync client.
Recommendations
For versions 1.1-2291 through 3.1-3320, consider restricting access to the client chown function to prevent unauthorized changes to file ownership until a fix is available.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Station