PT-2018-12292 · Freebsd+6 · Accountsservice+6

Matthias Gerstner

Published

2018-07-13

Updated

2024-06-15

CVE-2018-14036

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions AccountsService versions prior to 0.6.50

Description The issue arises from an insufficient path check in the user change icon file authorized cb() function, located in user.c, allowing Directory Traversal with ../ sequences.

Recommendations For versions prior to 0.6.50, update to version 0.6.50 or later to resolve the issue.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

ALT-PU-2018-2064

CESA-2018_3140

CVE-2018-14036

OPENSUSE-SU-2024:10611-1

RHSA-2018:3140

RHSA-2018_3140

SUSE-SU-2018:3625-1

SUSE-SU-2018_3625-1

SUSE-SU-2019:2778-1

SUSE-SU-2019_2778-1

USN-4616-1

USN-4616-2

Affected Products

Alt Linux

Accountsservice

Centos

Linuxmint

Red Hat

Suse

Ubuntu

PT-2018-12292 · Freebsd+6 · Accountsservice+6

CVE-2018-14036

Weakness Enumeration

Related Identifiers

Affected Products

References · 28