CVE-2015-2851

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:S/C:C/I:C/A:C
certccCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
VendorProductVersion
synologycloud_station
1.1-2291
synologycloud_station
2.0-2291
synologycloud_station
2.0-2402
synologycloud_station
2.1-2561
synologycloud_station
2.1-2570
synologycloud_station
2.1-2577
synologycloud_station
3.0-3005
synologycloud_station
3.0-3103
synologycloud_station
3.0-3108
synologycloud_station
3.0-3109
synologycloud_station
3.0-3111
synologycloud_station
3.1-3317
synologycloud_station
3.1-3320
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.kb.cert.org/vuls/id/551972
http://www.kb.cert.org/vuls/id/BLUU-9VBU45
http://www.securityfocus.com/bid/74826
http://www.kb.cert.org/vuls/id/551972
http://www.kb.cert.org/vuls/id/BLUU-9VBU45
http://www.securityfocus.com/bid/74826