The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files.
CWE-276: Incorrect Default Permissions - CVE-2015-2851
The Synology Cloud Station sync client for OS X contains an executable named client_chown that allows users to change the ownership of files. However, by default it is installed as a setuid root executable, so the ownership change runs with root privileges regardless of who invokes it. This gives any local user the ability to change the ownership of arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host.
A local standard OS X user may gain ownership over arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host.
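The following audit helper is an added example, not code from the advisory or from Synology: it lists setuid executables under a directory and reports the user a given setuid file runs as, so an administrator can confirm whether a sync client's helper binaries (the install path below is an assumed placeholder) are still setuid root after updating.

```shell
#!/bin/sh
# Audit helper (added example, not Synology's code): find setuid executables
# under a directory and report the owner a setuid file elevates to.
# CLOUD_STATION_DIR is an assumed placeholder path, not taken from the advisory.
CLOUD_STATION_DIR="${CLOUD_STATION_DIR:-/Applications/Cloud Station.app}"

# has_setuid FILE -> exit 0 if the setuid bit is set on FILE, 1 otherwise
has_setuid() {
    [ -u "$1" ]
}

# setuid_owner FILE -> prints the owning user of FILE if it is setuid
# (that is the user the program runs as); prints nothing otherwise.
# ls/awk is used because stat's options differ between macOS and GNU coreutils.
setuid_owner() {
    if has_setuid "$1"; then
        ls -ld "$1" | awk '{print $3}'
    fi
}

# list_setuid DIR -> prints every regular file under DIR with the setuid bit set
list_setuid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# list_setuid_root DIR -> same, restricted to files owned by root: each of
# these runs as root for any local user who can execute it.
list_setuid_root() {
    find "$1" -type f -perm -4000 -user root 2>/dev/null
}

# Report setuid-root helpers shipped with the assumed install location.
audit_cloud_station() {
    for f in $(list_setuid_root "$CLOUD_STATION_DIR"); do
        printf 'setuid root: %s (owner %s)\n' "$f" "$(setuid_owner "$f")"
    done
}

# A workaround an admin could apply before the updated client is installed is
# to strip the bit from such a helper: chmod u-s "$path". Updating the client,
# as the advisory says, is the real fix.
```

Run `audit_cloud_station` with CLOUD_STATION_DIR pointed at the actual install directory; an empty result means no setuid-root helper remains there.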
Update the client
Thanks to Jeremy Kemp for reporting this vulnerability to us.
This document was written by Garret Wassermann.
Date First Published: 2015-05-26
Date Last Updated: 2015-05-27 13:40 UTC