Cloud Foundry | CFOUNDRY:2A92103EB00BBC4C3399733A8D9F38E1
Apr 21, 2022 - 12:00 a.m.

USN-5334-1: man-db vulnerability | Cloud Foundry

2022-04-21 00:00:00
Cloud Foundry
www.cloudfoundry.org
Tags: vulnerability, man-db, canonical ubuntu, 16.04, cloud foundry, cve-2015-1336, xenial stemcells

CVSS2: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

CVSS3: 7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

EPSS: 0.001 (Percentile: 26.8%)

Severity

Low

Vendor

Canonical Ubuntu

Versions Affected

  • Canonical Ubuntu 16.04

Description

It was discovered that man-db incorrectly handled permission changing operations in its daily cron job, and was therefore affected by a race condition. An attacker could possibly use this issue to escalate privileges and execute arbitrary code.

CVEs contained in this USN include: CVE-2015-1336.

Affected Cloud Foundry Products and Versions

Severity is low unless otherwise noted.

  • CF Deployment
    • All versions with Xenial Stemcells prior to 621.224

Mitigation

Users of affected products are strongly encouraged to follow the mitigations below. The Cloud Foundry project recommends upgrading the following releases:

  • CF Deployment
    • For all versions, upgrade Xenial Stemcells to 621.224 or greater

History

2022-04-21: Initial vulnerability report published.

Affected configurations

Vulners

Node: cloudfoundry cf-deployment, Range: < 621.224

Vendor       | Product       | Version | CPE
cloudfoundry | cf-deployment | *       | cpe:2.3:a:cloudfoundry:cf-deployment:*:*:*:*:*:*:*:*
