CVE-2015-2851 : client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.

Published 2015-05-30 19:59:04

Updated 2025-04-12 10:46:41

Source CERT/CC

View at NVD, CVE.org

Products affected by CVE-2015-2851

Synology » Cloud Station » Version: 2.0-2291
cpe:2.3:a:synology:cloud_station:2.0-2291:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 2.0-2402
cpe:2.3:a:synology:cloud_station:2.0-2402:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.0-3109
cpe:2.3:a:synology:cloud_station:3.0-3109:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.0-3111
cpe:2.3:a:synology:cloud_station:3.0-3111:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 1.1-2291
cpe:2.3:a:synology:cloud_station:1.1-2291:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.0-3103
cpe:2.3:a:synology:cloud_station:3.0-3103:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.0-3108
cpe:2.3:a:synology:cloud_station:3.0-3108:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 2.1-2561
cpe:2.3:a:synology:cloud_station:2.1-2561:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 2.1-2570
cpe:2.3:a:synology:cloud_station:2.1-2570:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.1-3317
cpe:2.3:a:synology:cloud_station:3.1-3317:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.1-3320
cpe:2.3:a:synology:cloud_station:3.1-3320:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 2.1-2577
cpe:2.3:a:synology:cloud_station:2.1-2577:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X
Synology » Cloud Station » Version: 3.0-3005
cpe:2.3:a:synology:cloud_station:3.0-3005:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X

Exploit prediction scoring system (EPSS) score for CVE-2015-2851

EPSS FAQ

0.11%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 27 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-2851

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.8	MEDIUM	AV:L/AC:L/Au:S/C:C/I:C/A:C	3.1	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: Single Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2015-2851

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-2851

http://www.securityfocus.com/bid/74826

Synology Cloud Station sync client CVE-2015-2851 Local Privilege Escalation Vulnerability
http://www.kb.cert.org/vuls/id/551972

VU#551972 - Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
Third Party Advisory;US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-9VBU45

VU#551972 - Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files
Third Party Advisory;US Government Resource

Jump to

Vulnerability Details : CVE-2015-2851

Products affected by CVE-2015-2851

Exploit prediction scoring system (EPSS) score for CVE-2015-2851

CVSS scores for CVE-2015-2851

CWE ids for CVE-2015-2851

References for CVE-2015-2851