Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-8921

Опубликовано: 12 мая 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 5
CVSS3: 7.5

Описание

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

РелизСтатусПримечание
artful

not-affected

1:2017.2.1+dfsg-4
bionic

not-affected

1:2017.2.1+dfsg-4
cosmic

not-affected

1:2017.2.1+dfsg-4
devel

not-affected

1:2017.2.1+dfsg-4
disco

not-affected

1:2017.2.1+dfsg-4
eoan

not-affected

1:2017.2.1+dfsg-4
esm-apps/bionic

not-affected

1:2017.2.1+dfsg-4
esm-apps/focal

not-affected

1:2017.2.1+dfsg-4
esm-apps/jammy

not-affected

1:2017.2.1+dfsg-4
esm-apps/noble

not-affected

1:2017.2.1+dfsg-4

Показывать по

Ссылки на источники

EPSS

Процентиль: 69%
0.00588
Низкий

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-8921

CVSS3: 7.5
nvd
больше 8 лет назад

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

debian логотип

CVE-2017-8921

CVSS3: 7.5
debian
больше 8 лет назад

In FlightGear before 2017.2.1, the FGCommand interface allows overwrit ...

github логотип

GHSA-cm86-qqq5-r5v2

CVSS3: 7.5
github
больше 3 лет назад

In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any file the user has write access to, but not with arbitrary data: only with the contents of a FlightGear flightplan (XML). A resource such as a malicious third-party aircraft could exploit this to damage files belonging to the user. Both this issue and CVE-2016-9956 are directory traversal vulnerabilities in Autopilot/route_mgr.cxx - this one exists because of an incomplete fix for CVE-2016-9956.

EPSS

Процентиль: 69%
0.00588
Низкий

5 Medium

CVSS2

7.5 High

CVSS3