CVE-2017-15131

Published: 09 Jan 2018
Source: debian

Description

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux.

Packages

Package | Status | Fixed version | Release | Type
xdg-user-dirs | unfixed | | | package

Notes

  • The CVE concerns directories created by xdg-user-dirs possibly not respecting a system policy for user-created files that is set through a system-wide umask, e.g. in /etc/profile, because xdg-user-dirs is invoked from Xsession scripts. This can be mitigated by, e.g., using pam_umask on session start so that the umask is already in effect when xdg-user-dirs is executed.

  • In Debian, xdg-user-dirs starting from 0.15-3 replaces the use of /etc/X11/Xsession.d/*xdg-user-dirs-update with an autostart .desktop file for user-dirs-update, primarily to work with Wayland sessions as well.

  • Enforcement can be achieved, e.g., by using pam_umask.

  • http://bugs.freedesktop.org/show_bug.cgi?id=102303
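
A check for the effect described in the notes, as an added example (not part of the tracker entry or of xdg-user-dirs): it lists XDG user directories whose mode still contains bits that a given umask policy should have cleared. The function names, the policy value passed in, the default `~/.config/user-dirs.dirs` location and the use of GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example: audit XDG user directories against a umask policy.
# Assumes GNU stat and the default config path ~/.config/user-dirs.dirs.

# Succeeds (exit 0) when MODE (octal, as printed by `stat -c %a`) contains
# permission bits that UMASK (octal, e.g. 077) should have cleared.
mode_violates_umask() {
    [ $(( 0$1 & 0$2 & 0777 )) -ne 0 ]
}

# Print every XDG user directory of HOME_DIR whose mode is more permissive
# than UMASK allows, one "mode path" pair per line.
audit_xdg_dirs() {
    home_dir=$1
    policy=$2
    cfg="$home_dir/.config/user-dirs.dirs"
    [ -r "$cfg" ] || return 0
    # Parse, never source: the file is user-writable shell syntax.
    sed -n 's/^XDG_[A-Z]*_DIR="\(.*\)"$/\1/p' "$cfg" |
    while IFS= read -r path; do
        case $path in
            '$HOME/')  continue ;;                      # entry disabled by the user
            '$HOME/'*) rel=${path#\$HOME/}; path=$home_dir/$rel ;;
            /*)        ;;                               # absolute path, keep as is
            *)         continue ;;                      # not a valid entry
        esac
        [ -d "$path" ] || continue
        mode=$(stat -c %a "$path") || continue
        if mode_violates_umask "$mode" "$policy"; then
            printf '%s %s\n' "$mode" "$path"
        fi
    done
}

# Usage (policy value is site-specific): audit_xdg_dirs "$HOME" 077
```

Directories reported here were created before the policy umask took effect; setting the umask earlier only affects directories created afterwards, so existing ones need a `chmod`.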

Related vulnerabilities

CVSS3: 7.8
ubuntu
almost 8 years ago

CVSS3: 3.3
redhat
almost 9 years ago

CVSS3: 7.8
nvd
almost 8 years ago

CVSS3: 7.8
github
more than 3 years ago

oracle-oval
more than 7 years ago

ELSA-2018-0842: xdg-user-dirs security and bug fix update (LOW)