Notified: April 06, 2015 Updated: May 26, 2015
Statement Date: April 08, 2015
Affected
We have removed client_chown in the latest build (3.2-3475) as precaution, even though the impact is concluded to be very low. The client_chown tool was originally designed to ease the upgrade process of the Cloud Station client, and was included starting from build 2291. To achieve this purpose, client_chown was able to change the ownership of certain system files that belong to Cloud Station client.
We are not aware of further vendor information regarding this vulnerability.