PT-2017-6483 · Grml · Grml-Debootstrap
Hartwork
·
Publicado
2017-08-07
·
Atualizado
2017-08-16
·
CVE-2015-1378
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
grml-debootstrap versions 0.54, 0.68.x before 0.68.1, 0.7x before 0.78
Description
The issue arises from the file cmdlineopts.clp in grml-debootstrap, which is sourced without verifying that the local directory is writable by non-root users.
Recommendations
For versions 0.54, update to a version later than 0.54 to resolve the issue.
For versions 0.68.x, update to version 0.68.1 or later.
For versions 0.7x, update to version 0.78 or later.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Grml-Debootstrap