Synology Affected

Notified:  April 06, 2015 Updated: May 26, 2015

Statement Date:   April 08, 2015



Vendor Statement

We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References