PT-2017-7949 · Debian · Openssl
Alberto Garcia
·
Publicado
2017-12-05
·
Atualizado
2017-12-20
·
CVE-2016-1253
CVSS v2.0
10
Crítica
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
openssl versions prior to 5.0.0a-2.2 in Debian wheezy
openssl versions prior to 5.0.0a-2.3+deb8u1 in Debian jessie
openssl versions prior to 5.0.0a-3 in Debian unstable
Description
The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the name of an LZMA-compressed file.
Recommendations
For Debian wheezy, update to version 5.0.0a-2.2 or later.
For Debian jessie, update to version 5.0.0a-2.3+deb8u1 or later.
For Debian unstable, update to version 5.0.0a-3 or later.
Correção
OS Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openssl