CVE-2015-3248

Опубликовано: 10 фев. 2014

Источник: redhat

CVSS2: 4.6

EPSS Низкий

Описание

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).

It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory.

Отчет

This issue affects the version of openhpi as shipped with Red Hat Enterprise Linux 5 and 6. This issue has been rated as having Low security impact and is not currently planned to be addressed in future updates of Red Hat Enterprise Linux 5 and 6.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 5	openhpi	Will not fix
Red Hat Enterprise Linux 6	openhpi	Will not fix
Red Hat Enterprise Linux 7	openhpi	Fixed	RHSA-2015:2369	19.11.2015

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-552

https://bugzilla.redhat.com/show_bug.cgi?id=1233520openhpi: world writable /var/lib/openhpi directory

EPSS

Процентиль: 28%

0.00097

Низкий

4.6 Medium

CVSS2

Связанные уязвимости

CVE-2015-3248

CVSS3: 4.7

ubuntu

почти 8 лет назад

CVE-2015-3248

CVSS3: 4.7

nvd

почти 8 лет назад

CVE-2015-3248

CVSS3: 4.7

debian

почти 8 лет назад

openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permis ...

GHSA-pqv4-g55h-5j74

CVSS3: 4.7

github

больше 3 лет назад

ELSA-2015-2369

oracle-oval

почти 10 лет назад

ELSA-2015-2369: openhpi security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 28%

0.00097

Низкий

4.6 Medium

CVSS2