CVE-2017-15108

Опубликовано: 20 янв. 2018

Источник: nvd

CVSS3: 7.8

CVSS2: 4.6

EPSS Низкий

Описание

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

Ссылки

https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201804-09
Third Party Advisory
https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html
Mailing List
Third Party Advisory
https://security.gentoo.org/glsa/201804-09
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:spice-space:spice-vdagent:*:*:*:*:*:*:*:*

Версия до 0.17.0 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00143

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-78

Связанные уязвимости

CVE-2017-15108

CVSS3: 7.8

ubuntu

около 8 лет назад

CVE-2017-15108

CVSS3: 7.8

debian

около 8 лет назад

spice-vdagent up to and including 0.17.0 does not properly escape save ...

openSUSE-SU-2018:0399-1

suse-cvrf

почти 8 лет назад

security update for spice-vdagent

SUSE-SU-2018:0372-1

suse-cvrf

около 8 лет назад

security update for spice-vdagent

GHSA-rx22-vq3w-89rg

CVSS3: 7.8

github

больше 3 лет назад

EPSS

Процентиль: 35%

0.00143

Низкий

7.8 High

CVSS3

4.6 Medium

CVSS2

Дефекты

CWE-78