CVE-2016-10330 - OpenCVE

Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Synology	Photo Station

Configuration 1 [-]

cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*

References

Link	Resource
http://seclists.org/oss-sec/2016/q1/236	Exploit Third Party Advisory VDB Entry
https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files	Exploit Third Party Advisory
https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation	Exploit Third Party Advisory
https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226	Release Notes

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: synology

Published: 2017-05-12T20:00:00

Updated: 2017-05-12T19:57:01

Reserved: 2017-04-18T00:00:00

Link: CVE-2016-10330

JSON object: View

NVD Information

Status : Modified

Published: 2017-05-12T20:29:00.250

Modified: 2023-11-07T02:29:34.220

Link: CVE-2016-10330

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Synology Photo Station", "vendor": "Synology", "versions": [{"status": "affected", "version": "All versions prior to version 6.5.3-3226"}]}], "datePublic": "2016-08-02T00:00:00", "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Directory Traversal (CWE-22); Privilege Escalation (CWE-269)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2017-05-12T19:57:01", "orgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "shortName": "synology"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation"}, {"tags": ["x_refsource_MISC"], "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"}, {"name": "[oss-security] 20160128 CVE request: Synology Photo Station command injection and privilege escalation", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://seclists.org/oss-sec/2016/q1/236"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@synology.com", "ID": "CVE-2016-10330", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Synology Photo Station", "version": {"version_data": [{"version_value": "All versions prior to version 6.5.3-3226"}]}}]}, "vendor_name": "Synology"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Directory Traversal (CWE-22); Privilege Escalation (CWE-269)"}]}]}, "references": {"reference_data": [{"name": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation", "refsource": "MISC", "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation"}, {"name": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files", "refsource": "MISC", "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files"}, {"name": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226", "refsource": "CONFIRM", "url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"}, {"name": "[oss-security] 20160128 CVE request: Synology Photo Station command injection and privilege escalation", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2016/q1/236"}]}}}}, "cveMetadata": {"assignerOrgId": "db201096-a0cc-46c7-9a55-61d9e221bf01", "assignerShortName": "synology", "cveId": "CVE-2016-10330", "datePublished": "2017-05-12T20:00:00", "dateReserved": "2017-04-18T00:00:00", "dateUpdated": "2017-05-12T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:synology:photo_station:*:*:*:*:*:*:*:*", "matchCriteriaId": "5760E52D-1708-4C41-B8F3-0348D1F38944", "versionEndIncluding": "6.5.2-3225", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Directory traversal vulnerability in synophoto_dsm_user, a SUID program, as used in Synology Photo Station before 6.5.3-3226 allows local users to write to arbitrary files via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de salto de directorio en synophoto_dsm_user, un programa SUID, tal como se utiliza en Synology Photo Station en versiones anteriores a la 6.5.3-3226, permite a usuarios locales escribir en ficheros arbitrarios a trav\u00e9s de vectores no especificados."}], "id": "CVE-2016-10330", "lastModified": "2023-11-07T02:29:34.220", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-05-12T20:29:00.250", "references": [{"source": "security@synology.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://seclists.org/oss-sec/2016/q1/236"}, {"source": "security@synology.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-03-Read-Write-Arbitrary-Files"}, {"source": "security@synology.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://bamboofox.github.io/2017/03/20/Synology-Bug-Bounty-2016/#Vul-04-Privilege-Escalation"}, {"source": "security@synology.com", "tags": ["Release Notes"], "url": "https://www.synology.com/en-global/support/security/Photo_Station_6_5_3_3226"}], "sourceIdentifier": "security@synology.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@synology.com", "type": "Secondary"}]}