Synology Information for VU#551972
Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
- Vendor Information Help Date Notified: 06 Apr 2015
- Statement Date: 08 Apr 2015
- Date Updated: 26 May 2015
We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client.
We are not aware of further vendor information regarding this vulnerability.
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.