Lucene search

MitreCVE-2015-1378

HistoryAug 07, 2017 - 5:29 p.m.

CVE-2015-1378

2017-08-0717:29:00

CWE-264

mitre

web.nvd.nist.gov

cve-2015-1378

grml-debootstrap

debian

security vulnerability

non-root users

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.0%

JSON

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.

Affected configurations

Nvd

Node

grmlgrml-debootstrapMatch0.54

grmlgrml-debootstrapMatch0.68

grmlgrml-debootstrapMatch0.70

grmlgrml-debootstrapMatch0.71

grmlgrml-debootstrapMatch0.72

grmlgrml-debootstrapMatch0.73

grmlgrml-debootstrapMatch0.74

grmlgrml-debootstrapMatch0.75

grmlgrml-debootstrapMatch0.76

grmlgrml-debootstrapMatch0.77

VendorProductVersionCPE
grmlgrml-debootstrap0.54cpe:2.3:a:grml:grml-debootstrap:0.54:*:*:*:*:*:*:*
grmlgrml-debootstrap0.68cpe:2.3:a:grml:grml-debootstrap:0.68:*:*:*:*:*:*:*
grmlgrml-debootstrap0.70cpe:2.3:a:grml:grml-debootstrap:0.70:*:*:*:*:*:*:*
grmlgrml-debootstrap0.71cpe:2.3:a:grml:grml-debootstrap:0.71:*:*:*:*:*:*:*
grmlgrml-debootstrap0.72cpe:2.3:a:grml:grml-debootstrap:0.72:*:*:*:*:*:*:*
grmlgrml-debootstrap0.73cpe:2.3:a:grml:grml-debootstrap:0.73:*:*:*:*:*:*:*
grmlgrml-debootstrap0.74cpe:2.3:a:grml:grml-debootstrap:0.74:*:*:*:*:*:*:*
grmlgrml-debootstrap0.75cpe:2.3:a:grml:grml-debootstrap:0.75:*:*:*:*:*:*:*
grmlgrml-debootstrap0.76cpe:2.3:a:grml:grml-debootstrap:0.76:*:*:*:*:*:*:*
grmlgrml-debootstrap0.77cpe:2.3:a:grml:grml-debootstrap:0.77:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
grml	grml-debootstrap	0.54	cpe:2.3:a:grml:grml-debootstrap:0.54:::::::*
grml	grml-debootstrap	0.68	cpe:2.3:a:grml:grml-debootstrap:0.68:::::::*
grml	grml-debootstrap	0.70	cpe:2.3:a:grml:grml-debootstrap:0.70:::::::*
grml	grml-debootstrap	0.71	cpe:2.3:a:grml:grml-debootstrap:0.71:::::::*
grml	grml-debootstrap	0.72	cpe:2.3:a:grml:grml-debootstrap:0.72:::::::*
grml	grml-debootstrap	0.73	cpe:2.3:a:grml:grml-debootstrap:0.73:::::::*
grml	grml-debootstrap	0.74	cpe:2.3:a:grml:grml-debootstrap:0.74:::::::*
grml	grml-debootstrap	0.75	cpe:2.3:a:grml:grml-debootstrap:0.75:::::::*
grml	grml-debootstrap	0.76	cpe:2.3:a:grml:grml-debootstrap:0.76:::::::*
grml	grml-debootstrap	0.77	cpe:2.3:a:grml:grml-debootstrap:0.77:::::::*

References

cve.killedkenny.io/cve/CVE-2015-1378

www.openwall.com/lists/oss-security/2015/01/27/17

github.com/grml/grml-debootstrap/issues/59

people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1378.html

security-tracker.debian.org/tracker/CVE-2015-1378/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

61.0%

JSON

Related for CVE-2015-1378