CVE-2016-9956

Опубликовано: 22 фев. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

Ссылки

http://www.debian.org/security/2016/dsa-3742
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/14/11
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/15/10
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/16/5
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94945
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZKAN7V6UOHSRFWO567XMN4O6WXTSL32/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB3B5XBB2NL2O2U4WNYGH7ZL45Q4UHGG/
https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/
Issue Tracking
Patch
Third Party Advisory
https://sourceforge.net/projects/flightgear/files/release-2016.4/
Patch
Release Notes
Third Party Advisory
https://usn.ubuntu.com/4588-1/
http://www.debian.org/security/2016/dsa-3742
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/14/11
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/15/10
Mailing List
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/16/5
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/94945
Third Party Advisory
VDB Entry
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZKAN7V6UOHSRFWO567XMN4O6WXTSL32/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB3B5XBB2NL2O2U4WNYGH7ZL45Q4UHGG/
https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/
Issue Tracking
Patch
Third Party Advisory
https://sourceforge.net/projects/flightgear/files/release-2016.4/
Patch
Release Notes
Third Party Advisory
https://usn.ubuntu.com/4588-1/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:flightgear:flightgear:*:*:*:*:*:*:*:*

Версия до 2016.4.3 (включая)

EPSS

Процентиль: 83%

0.01886

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-9956

CVSS3: 7.5

ubuntu

почти 9 лет назад

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

CVE-2016-9956

CVSS3: 7.5

debian

почти 9 лет назад

The route manager in FlightGear before 2016.4.4 allows remote attacker ...

GHSA-gx42-hf7v-vhvg

CVSS3: 7.5

github

больше 3 лет назад

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

EPSS

Процентиль: 83%

0.01886

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284