client_chown in the sync client in Synology Cloud Station 1.1-2291 through 3.1-3320 on OS X allows local users to change the ownership of arbitrary files, and consequently obtain root access, by specifying a filename.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Cloud_station | Synology | 1.1-2291 (including) | 1.1-2291 (including) |
| Cloud_station | Synology | 2.0-2291 (including) | 2.0-2291 (including) |
| Cloud_station | Synology | 2.0-2402 (including) | 2.0-2402 (including) |
| Cloud_station | Synology | 2.1-2561 (including) | 2.1-2561 (including) |
| Cloud_station | Synology | 2.1-2570 (including) | 2.1-2570 (including) |
| Cloud_station | Synology | 2.1-2577 (including) | 2.1-2577 (including) |
| Cloud_station | Synology | 3.0-3005 (including) | 3.0-3005 (including) |
| Cloud_station | Synology | 3.0-3103 (including) | 3.0-3103 (including) |
| Cloud_station | Synology | 3.0-3108 (including) | 3.0-3108 (including) |
| Cloud_station | Synology | 3.0-3109 (including) | 3.0-3109 (including) |
| Cloud_station | Synology | 3.0-3111 (including) | 3.0-3111 (including) |
| Cloud_station | Synology | 3.1-3317 (including) | 3.1-3317 (including) |
| Cloud_station | Synology | 3.1-3320 (including) | 3.1-3320 (including) |