Arbitrary File Ownership Change Vulnerability in Synology Cloud Station for OS X

Arbitrary File Ownership Change Vulnerability in Synology Cloud Station for OS X

CVE-2015-2851 · MEDIUM Severity

AV:L/AC:L/AU:S/C:C/I:C/A:C

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

Learn more about our Cloud Audit.