Executive Summary

Summary
Title: Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files

Information
Name: VU#551972              First vendor publication: 2015-05-26
Vendor: VU-CERT              Last vendor modification: 2015-05-27
Severity (vendor): N/A       Revision: M

Security-Database Scoring CVSS v3

CVSS vector: N/A (no CVSS v3 vector was published for this note)
Overall CVSS score: N/A
Base score: N/A              Environmental score: N/A
Impact sub-score: N/A        Temporal score: N/A
Exploitability sub-score: N/A

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS base score: 6.8         Attack range: Local
CVSS impact score: 10        Attack complexity: Low
CVSS exploit score: 3.1      Authentication: Requires single instance

Detail

Vulnerability Note VU#551972

Synology Cloud Station sync client for OS X allows regular users to claim ownership of system files

Original Release date: 26 May 2015 | Last revised: 27 May 2015

Overview

The Synology Cloud Station sync client for OS X contains a setuid root executable that allows regular users to claim ownership of system files.

Description

CWE-276: Incorrect Default Permissions - CVE-2015-2851

The Synology Cloud Station sync client for OS X contains an executable named client_chown that allows users to change the ownership of files. However, by default it is installed as a setuid root executable, and it does not restrict which paths it will act on. This allows any local user to change the ownership of arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host.

Versions of Synology Cloud Station sync client from 1.1-2291 up to 3.1-3320 are vulnerable.

Impact

A local standard OS X user may gain ownership over arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host.

Solution

Update the client

Synology has released version 3.2-3475, which addresses this issue. According to Synology, "We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client."

Affected users are encouraged to update to version 3.2-3475 or later as soon as possible.

Vendor Information

Vendor     Status     Date Notified   Date Updated
Synology   Affected   06 Apr 2015     26 May 2015

CVSS Metrics

Group          Score   Vector
Base           6.8     AV:L/AC:L/Au:S/C:C/I:C/A:C
Temporal       5.3     E:POC/RL:OF/RC:C
Environmental  1.3     CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

Credit

Thanks to Jeremy Kemp for reporting this vulnerability to us.

This document was written by Garret Wassermann.

Other Information

  • CVE IDs: CVE-2015-2851
  • Date Public: 26 May 2015
  • Date First Published: 26 May 2015
  • Date Last Updated: 27 May 2015
  • Document Revision: 49

Original Source

URL: http://www.kb.cert.org/vuls/id/551972

CWE : Common Weakness Enumeration

%      Id        Name
100 %  CWE-264   Permissions, Privileges, and Access Controls

(Security-Database maps the note to the parent category CWE-264; the CERT note itself cites the more specific CWE-276, Incorrect Default Permissions, which belongs to that category.)

CPE : Common Platform Enumeration

Type          Description   Count
Application   (not given)   13

Alert History

Date                  Information
2015-06-02 17:28:35   Multiple updates
2015-05-31 00:28:20   Multiple updates
2015-05-27 17:25:16   Multiple updates
2015-05-26 17:25:16   First insertion