PT-2016-7348 · Teradata+1 · Teradata Virtual Machine Community Edition+1

Larry W. Cashdollar

Publicado

2016-11-10

Atualizado

2018-12-11

CVE-2016-7489

CVSS v2.0

Crítica

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Teradata Virtual Machine Community Edition version 15.10

Description The issue arises from the perl script /opt/teradata/gsctools/bin/t2a.pl in Teradata Virtual Machine Community Edition, which creates files in /tmp in an insecure manner. This insecure file creation may lead to elevated code execution.

Recommendations For Teradata Virtual Machine Community Edition version 15.10, consider restricting access to the /tmp directory or implementing secure file creation practices to minimize the risk of exploitation. As a temporary workaround, consider disabling the execution of the t2a.pl script until a secure version is available.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2018-2754

ALT-PU-2018-2755

ALT-PU-2018-2814

CVE-2016-7489

Produtos afetados

Alt Linux

Teradata Virtual Machine Community Edition

PT-2016-7348 · Teradata+1 · Teradata Virtual Machine Community Edition+1

CVE-2016-7489

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4