PT-2018-6369 · Haystack · Arq

M4Rkw · Published 2018-01-31 · Updated 2021-09-08 · CVE-2017-16945

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Arq versions 5.10 and earlier
Description: The issue allows local users to gain root privileges by writing to arbitrary files via a crafted restore path using the standardrestorer binary.
Recommendations: For Arq versions 5.10 and earlier, consider restricting access to the standardrestorer binary until a patch is available. As a temporary workaround, avoid using the standardrestorer binary for restoring paths that could potentially be crafted to gain elevated privileges.

Exploit

Fix

Incorrect Permission

Weakness Enumeration

Related Identifiers

CVE-2017-16945

Affected Products

Arq