PT-2023-22268 · Sagemath+1 · Sagemath Flintqs+1

Orlitzky

Publicado

2023-04-06

Atualizado

2023-04-13

CVE-2023-29465

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions SageMath FlintQS version 1.0

Description The issue allows a local user to overwrite files with the privileges of a different user who is running SageMath FlintQS, due to its reliance on pathnames under TMPDIR, which is typically world-writable.

Recommendations For SageMath FlintQS version 1.0, consider restricting access to the TMPDIR to prevent unauthorized file overwrites until a patch is available. As a temporary workaround, restrict write access to the TMPDIR directory to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-29465

Produtos afetados

Debian

Sagemath Flintqs

PT-2023-22268 · Sagemath+1 · Sagemath Flintqs+1

CVE-2023-29465

Identificadores relacionados

Produtos afetados

Referências · 14