CVE-2018-14036

Опубликовано: 13 июл. 2018

Источник: debian

EPSS Низкий

Описание

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
accountsservice	fixed	0.6.45-2		package
accountsservice	no-dsa		stretch	package
accountsservice	ignored		jessie	package

Примечания

https://www.openwall.com/lists/oss-security/2018/07/02/2
https://bugs.freedesktop.org/show_bug.cgi?id=107085
https://gitlab.freedesktop.org/accountsservice/accountsservice/commit/f9abd359f71a5bce421b9ae23432f539a067847a

EPSS

Процентиль: 79%

0.01239

Низкий

Связанные уязвимости

CVE-2018-14036

CVSS3: 6.5

ubuntu

больше 7 лет назад

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

CVE-2018-14036

CVSS3: 5

redhat

больше 7 лет назад

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

CVE-2018-14036

CVSS3: 6.5

nvd

больше 7 лет назад

Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.

openSUSE-SU-2018:3710-1

suse-cvrf

около 7 лет назад

Security update for accountsservice

SUSE-SU-2019:2778-1

suse-cvrf

больше 6 лет назад

Security update for accountsservice

EPSS

Процентиль: 79%

0.01239

Низкий