CVE-2015-2851

Published May 30, 2015

Last updated 3 months ago

CVSS info 6.8

Overview

Description: client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
Source: cret@cert.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 10
Exploitability score: 3.1
Vector string: AV:L/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-264

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:1.1-2291:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89282A91-62F9-4FAD-907E-59E7A7C41AC9"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:2.0-2291:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94D6674-B445-47A6-8B89-3696B43DB5EB"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:2.0-2402:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4E69C0A-2D3F-48F6-B667-88E7C7058FD3"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:2.1-2561:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "35EE80A5-5B4B-459B-A12E-F39BEE10C37F"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:2.1-2570:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FD4E307D-9C66-465E-8568-B421852B169E"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:2.1-2577:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C540D06-6F76-4FA0-8D39-40A9747A360D"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.0-3005:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0B670697-975E-4931-9C3B-8ACEBC0E2843"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.0-3103:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE880EA1-54F3-4A1B-96AD-DCF720A6F7E1"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.0-3108:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "10B5BDA7-0035-42FA-A835-9E98DE647BE1"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.0-3109:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "311CDD0F-26F3-47BA-BF73-FC6CB2BE3E10"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.0-3111:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E60BA19E-3CCD-4BE0-8500-D385A3592ECA"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.1-3317:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AA63857-7611-485D-AE43-D6F15B893CD2"
          },
          {
            "criteria": "cpe:2.3:a:synology:cloud_station:3.1-3320:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "872EDE63-3B43-49E4-8234-7BCB674E3070"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "0FF5999A-9D12-4CDD-8DE9-A89C10B2D574"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References