PT-2016-1707 · Opensuse+1 · Opensuse 13.2+3

Published: 2016-04-13 · Updated: 2018-10-30 · CVE-2016-4007

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

obs-service-extract file package before 0.3-5.1 in openSUSE Leap 42.1
obs-service-extract file package before 0.3-3.1 in openSUSE 13.2

Description

Multiple unspecified vulnerabilities in the obs-service-extract file package allow remote attackers to execute arbitrary commands via a service definition. The issue is related to the execution of unzip with "illegal options."

Recommendations

For obs-service-extract file package before 0.3-5.1 in openSUSE Leap 42.1, update to version 0.3-5.1 or later.
For obs-service-extract file package before 0.3-3.1 in openSUSE 13.2, update to version 0.3-3.1 or later.

Fix


Weakness Enumeration

Related Identifiers

BDU:2016-01033
CVE-2016-4007
OPENSUSE-SU-2016_1659-1
OPENSUSE-SU-2016_1660-1
SUSE-SU-2016:1839-1
SUSE-SU-2016_1839-1
SUSE-SU-2018:0065-1
SUSE-SU-2018_0065-1

Affected Products

Suse
Obs-Service-Extract File
Opensuse 13.2
Opensuse Leap 42.1