CVE-2015-2851

Synology Cloud Station 1.1-2291-3.1-3320 - Arbitrary File Ownership Change via client_chown

Title source: llm

Description

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/74826

Third Party Advisory, US Government Resource x_refsource_confirm

http://www.kb.cert.org/vuls/id/BLUU-9VBU45

Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn

http://www.kb.cert.org/vuls/id/551972

Scores

EPSS 0.0041

EPSS Percentile 61.6%

Details

CWE

CWE-264

Status published

Products (13)

synology/cloud_station 1.1-2291

synology/cloud_station 2.0-2291

synology/cloud_station 2.0-2402

synology/cloud_station 2.1-2561

synology/cloud_station 2.1-2570

synology/cloud_station 2.1-2577

synology/cloud_station 3.0-3005

synology/cloud_station 3.0-3103

synology/cloud_station 3.0-3108

synology/cloud_station 3.0-3109

... and 3 more

Published May 30, 2015

Tracked Since Feb 18, 2026