PT-2018-5106 · Red Hat · Katello-Debug

Evgeni Golov

Published

2018-07-27

Updated

2019-10-09

CVE-2016-9595

CVSS v3.1

7.3

High

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions katello-debug versions prior to 3.4.0

Description A flaw was found in katello-debug where certain scripts and log files used insecure temporary files, allowing a local user to conduct a symbolic-link attack and overwrite the contents of arbitrary files.

Recommendations For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the temporary files used by the scripts and log files to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-377CWE-59

Related Identifiers

CVE-2016-9595

RHSA-2018:0336

Affected Products

Katello-Debug

PT-2018-5106 · Red Hat · Katello-Debug

CVE-2016-9595

Weakness Enumeration

Related Identifiers

Affected Products

References · 4