Vulnerability Description
client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Synology | Cloud Station | 1.1-2291 |
| Apple | Mac Os X | All versions |
Related Weaknesses (CWE)
References
- http://www.kb.cert.org/vuls/id/551972Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-9VBU45Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/74826
- http://www.kb.cert.org/vuls/id/551972Third Party AdvisoryUS Government Resource
- http://www.kb.cert.org/vuls/id/BLUU-9VBU45Third Party AdvisoryUS Government Resource
- http://www.securityfocus.com/bid/74826
FAQ
What is CVE-2015-2851?
CVE-2015-2851 is a vulnerability with a CVSS score of 6.8 (MEDIUM). client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by speci...
How severe is CVE-2015-2851?
CVE-2015-2851 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2851?
Check the references section above for vendor advisories and patch information. Affected products include: Synology Cloud Station, Apple Mac Os X.