exploitDog

CVE-2016-3067

Опубликовано: 21 апр. 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.

Ссылки

https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html
Mailing List
Release Notes
Vendor Advisory
https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html
Mailing List
Release Notes
Vendor Advisory
https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html
Mailing List
Release Notes
Vendor Advisory
https://cygwin.com/ml/cygwin/2016-02/msg00129.html
Mailing List
Release Notes
Vendor Advisory
https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=205862ed08649df8f50b926a2c58c963f571b044
https://cygwin.com/ml/cygwin-announce/2016-02/msg00023.html
Mailing List
Release Notes
Vendor Advisory
https://cygwin.com/ml/cygwin-announce/2016-04/msg00020.html
Mailing List
Release Notes
Vendor Advisory
https://cygwin.com/ml/cygwin-announce/2016-04/msg00054.html
Mailing List
Release Notes
Vendor Advisory
https://cygwin.com/ml/cygwin/2016-02/msg00129.html
Mailing List
Release Notes
Vendor Advisory
https://sourceware.org/git/?p=newlib-cygwin.git%3Ba=commit%3Bh=205862ed08649df8f50b926a2c58c963f571b044

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cygwin:cygwin:*:*:*:*:*:*:*:*

Версия до 2.4.1-1 (включая)

EPSS

Процентиль: 69%

0.0059

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-q582-cxmf-6cxr

CVSS3: 9.8

github

больше 3 лет назад

Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges.

EPSS

Процентиль: 69%

0.0059

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-264