Описание
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| sqlite3 | fixed | 3.13.0-1 | package | |
| sqlite3 | fixed | 3.8.7.1-1+deb8u2 | jessie | package |
| sqlite | removed | package |
Примечания
http://www.sqlite.org/cgi/src/info/67985761aa93fb61
http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
and possibly http://www.sqlite.org/cgi/src/info/614bb709d34e1148
https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
Vulnerable code in os.c:sqliteOsTempFileName() for sqlite(v2)
Связанные уязвимости
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
os_unix.c in SQLite before 3.13.0 improperly implements the temporary directory search algorithm, which might allow local users to obtain sensitive information, cause a denial of service (application crash), or have unspecified other impact by leveraging use of the current working directory for temporary files.
