CVE-2017-9232

Опубликовано: 28 мая 2017

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Высокий

Описание

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

Ссылки

http://www.securityfocus.com/bid/98737
Third Party Advisory
VDB Entry
https://bugs.launchpad.net/juju/+bug/1682411
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/44023/
http://www.securityfocus.com/bid/98737
Third Party Advisory
VDB Entry
https://bugs.launchpad.net/juju/+bug/1682411
Exploit
Issue Tracking
Third Party Advisory
https://www.exploit-db.com/exploits/44023/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:canonical:juju:*:*:*:*:*:*:*:*

Версия до 1.25.12 (включая)

cpe:2.3:a:canonical:juju:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:alpha1:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:alpha2:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta1:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta10:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta11:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta12:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta13:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta14:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta15:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta16:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta17:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta18:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta2:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta3:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta4:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta5:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta6:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta7:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta8:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:beta9:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:rc1:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:rc2:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.0:rc3:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.1:*:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.2:*:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.0.3:*:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:*:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:beta1:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:beta2:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:beta3:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:beta4:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:beta5:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:rc1:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.0:rc2:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.1:*:*:*:*:*:*:*

cpe:2.3:a:canonical:juju:2.1.2:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.81605

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-862

Связанные уязвимости

CVE-2017-9232

CVSS3: 9.8

ubuntu

больше 8 лет назад

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without setting appropriate permissions, allowing privilege escalation by users on the system to root.

CVE-2017-9232

CVSS3: 9.8

debian

больше 8 лет назад

Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a ...

GHSA-j3hp-pv6v-rgrx

CVSS3: 9.8

github

больше 3 лет назад

Juju uses a UNIX domain socket without setting appropriate permissions

EPSS

Процентиль: 99%

0.81605

Высокий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-862