exploitDog

CVE-2014-4677

Опубликовано: 22 фев. 2017

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

Ссылки

https://bierbaumer.net/security/cve-2014-4677/
Exploit
Third Party Advisory
https://gpgtools.org/releases/gpgsuite/2015.08/release-notes.html
Release Notes
Vendor Advisory
https://bierbaumer.net/security/cve-2014-4677/
Exploit
Third Party Advisory
https://gpgtools.org/releases/gpgsuite/2015.08/release-notes.html
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gpgtools:libmacgpg:*:*:*:*:*:*:*:*

Версия до 0.6 (включая)

EPSS

Процентиль: 39%

0.00175

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-9mxj-5p25-8xf4

CVSS3: 7.8

github

больше 3 лет назад

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

EPSS

Процентиль: 39%

0.00175

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-77