PT-2017-18625 · Flightgear+1 · Flightgear+1

Rebecca N. Palmer

Publicado

2017-05-12

Atualizado

2018-07-04

CVE-2017-8921

CVSS v3.1

7.5

Alta

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions FlightGear versions prior to 2017.2.1

Description The issue allows overwriting of files that the user has write access to, but only with the contents of a FlightGear flightplan (XML). This could be exploited by a malicious resource, such as a third-party aircraft, to damage user files. The problem exists due to an incomplete fix for a previous issue.

Recommendations For versions prior to 2017.2.1, update to version 2017.2.1 or later to resolve the issue.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALT-PU-2018-1974

CVE-2017-8921

Produtos afetados

Alt Linux

Flightgear

PT-2017-18625 · Flightgear+1 · Flightgear+1

CVE-2017-8921

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8