Описание
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2016-5847
- https://www.coresecurity.com/advisories/sap-car-multiple-vulnerabilities
- https://www.exploit-db.com/exploits/40230
- http://packetstormsecurity.com/files/138284/SAP-CAR-Archive-Tool-Denial-Of-Service-Security-Bypass.html
- http://seclists.org/fulldisclosure/2016/Aug/46
- http://www.securityfocus.com/archive/1/539180/100/0/threaded
- http://www.securityfocus.com/bid/92406
Связанные уязвимости
CVSS3: 5.8
nvd
больше 9 лет назад
SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain privileges via a hard link attack on files extracted from an archive, possibly related to SAP Security Note 2327384.