PT-2016-1707 · Opensuse+1 · Opensuse 13.2+3

Publicado

2016-04-13

Atualizado

2018-10-30

CVE-2016-4007

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions obs-service-extract file package before 0.3-5.1 in openSUSE Leap 42.1 obs-service-extract file package before 0.3-3.1 in openSUSE 13.2

Description The issue is related to multiple unspecified vulnerabilities in the obs-service-extract file package. These vulnerabilities allow attackers to execute arbitrary commands via a service definition, specifically by exploiting the execution of unzip with "illegal options." This can enable a remote attacker to execute arbitrary commands by affecting the service.

Recommendations For obs-service-extract file package before 0.3-5.1 in openSUSE Leap 42.1, update to version 0.3-5.1 or later. For obs-service-extract file package before 0.3-3.1 in openSUSE 13.2, update to version 0.3-3.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-17

Identificadores relacionados

BDU:2016-01033

CVE-2016-4007

OPENSUSE-SU-2016_1659-1

OPENSUSE-SU-2016_1660-1

SUSE-SU-2016:1839-1

SUSE-SU-2016_1839-1

SUSE-SU-2018:0065-1

SUSE-SU-2018_0065-1

Produtos afetados

Suse

Obs-Service-Extract File

Opensuse 13.2

Opensuse Leap 42.1

PT-2016-1707 · Opensuse+1 · Opensuse 13.2+3

CVE-2016-4007

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 23