Synology cloud sync bug exposes Macs to full takeover
- 27 May, 2015 09:27
A bug in the OS X client for Synology’s Cloud Station for syncing files across devices could allow an attacker to take over the machine.
Mac owners who use Synology’s Cloud Station sync client are being urged to update the software, which contains a faulty default permission that could allow a local attack to gain control of the host Mac system.
Cloud Station is Synology’s answer to cloud file storage services like Dropbox, offering users a personal cloud — without the same level of redundancy as a Google or Dropbox — which nonetheless syncs files between devices with the client installed.
According to the CERT for Carnegie Mellon University, the Cloud Station client for OS X “contains an executable named client_chown that allows users to change the ownership of files”. The problem is that it’s installed as a “setuid root executable”. The flaw poses a risk not just to files for syncing, but the fact the files can be changed could be used to control the host.
“This allows any user the ability to change ownership of arbitrary system files, which may be leveraged to gain root privileges and fully compromise the host,” the CERT noted.
It also urged users to update the Cloud Station client for OS X to version 3.2-3475.
"We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client,” Synology is quoted as saying.
Synology played down the threat posed to Mac users with the affected client installed.
"[The update] was released on May 12 along with the latest version of our OS (DSM 5.2). The executable is only able to change ownership of system files that belong to Cloud Station client but not others. We remove it only as a precaution," a Synology spokesperson told CSO Australia.
The company on Tuesday also released a fix for a serious flaw in the Synology Photo Station feature of its Linux-based OS Disk Station Manager.
This article is brought to you by Enex TestLab, content directors for CSO Australia.