PT-2018-4235 · Openssl+1 · Openssl+2

Larry W. Cashdollar

Publicado

2018-01-10

Atualizado

2022-05-14

CVE-2014-4993

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions backup-agoddard gem version 3.0.28 backup checksum gem version 3.0.23

Description The issue allows local users to obtain sensitive information by listing the process, as credentials are placed on the openssl command line in the lib/backup/cli/utility.rb file of the affected gems.

Recommendations For backup-agoddard gem version 3.0.28, consider updating to a version where the credentials are not placed on the openssl command line. For backup checksum gem version 3.0.23, consider updating to a version where the credentials are not placed on the openssl command line. As a temporary workaround, consider restricting access to the lib/backup/cli/utility.rb file to minimize the risk of exploitation.

Exploit

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2014-4993

GHSA-WR5J-Q359-6VR2

Produtos afetados

Backup-Agoddard

Backup Checksum

Openssl

PT-2018-4235 · Openssl+1 · Openssl+2

CVE-2014-4993

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8