HIGH🇬🇧 English

CVE-2017-18285

CVSS 7.1v3.0pub. 2018-06-04upd. 2024-11-21

The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.

oryginał EN
CVSS Vector
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • Burp Project Burp

    APP
    Burp Project
    < 2.1.32
  • Gentoo Linux

    OS
    Gentoo
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2024-12084CRITICAL9.8PL ✓ten sam produkt

Heap-based buffer overflow w rsync daemon — zapis poza granicami bufora sum2

CVE-2024-12085HIGH7.5ten sam produkt

A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an att...

CVE-2022-23220HIGH7.8ten sam produkt

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as roo...

CVE-2017-18284HIGH7.1ten sam produkt

The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp acco...

CVE-2017-18225HIGH7.8ten sam produkt

The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, jabberd2-c2s, jabberd2-router, jabberd2-s2s...