CVE-2015-2851 Information

Description

client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files and consequently obtain root access by specifying a filename.

Reference

http://www.kb.cert.org/vuls/id/551972 http://www.kb.cert.org/vuls/id/BLUU-9VBU45 http://www.securityfocus.com/bid/74826