PT-2017-18625 · Flightgear+1 · Flightgear+1

Rebecca N. Palmer

Published

2017-05-12

Updated

2018-07-04

CVE-2017-8921

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions FlightGear versions prior to 2017.2.1

Description The issue allows overwriting of files that the user has write access to, but only with the contents of a FlightGear flightplan (XML). This could be exploited by a malicious resource, such as a third-party aircraft, to damage user files. The problem exists due to an incomplete fix for a previous issue.

Recommendations For versions prior to 2017.2.1, update to version 2017.2.1 or later to resolve the issue.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2018-1974

CVE-2017-8921

Affected Products

Alt Linux

Flightgear

PT-2017-18625 · Flightgear+1 · Flightgear+1

CVE-2017-8921

Weakness Enumeration

Related Identifiers

Affected Products

References · 8