Synology Information for VU#551972

Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files

Status

Affected

Vendor Statement

We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References

https://www.synology.com/en-us/support/download/

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.