CVE-2016-8605

Опубликовано: 10 окт. 2016

Источник: redhat

CVSS3: 2.5

CVSS2: 1.9

Описание

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected.

A vulnerability was found in guile, in the mkdir procedure's usage of umask(2). Under particular circumstances, an attacker could influence an application written in guile to create directories or files insecurely, potentially exposing them to being read or manipulated by local users.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	guile	Will not fix
Red Hat Enterprise Linux 6	guile	Will not fix
Red Hat Enterprise Linux 7	guile	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

https://bugzilla.redhat.com/show_bug.cgi?id=1383966guile: Thread-unsafe umask modification

2.5 Low

CVSS3

1.9 Low

CVSS2

Связанные уязвимости

CVE-2016-8605

CVSS3: 5.3

ubuntu

около 9 лет назад

CVE-2016-8605

CVSS3: 5.3

nvd

около 9 лет назад

CVE-2016-8605

CVSS3: 5.3

debian

около 9 лет назад

The mkdir procedure of GNU Guile temporarily changed the process' umas ...

openSUSE-SU-2017:0482-1

suse-cvrf

почти 9 лет назад

Security update for guile

openSUSE-SU-2016:2647-1

suse-cvrf

больше 9 лет назад

Security update for guile1

2.5 Low

CVSS3

1.9 Low

CVSS2