Lucene search
PRIOn knowledge basePRION:CVE-2017-9780HistoryJun 21, 2017 - 3:29 p.m.
Design/Logic Flaw
2017-06-2115:29:00
PRIOn knowledge base
www.prio-n.com
3
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the “system helper” component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
| CPE | Name | Operator | Version |
|---|---|---|---|
| debian_linux | eq | 9.0 | |
| flatpak | le | 0.8.6 |
Related
openvas
openvas
Debian Security Advisory DSA 3895-1 (flatpak - security update)
2017-06-22 00:00:00
Debian: Security Advisory (DSA-3895-1)
2017-06-21 00:00:00
Fedora Update for flatpak FEDORA-2017-6b1f07acd9
2017-07-14 00:00:00
osv
osv
CVE-2017-9780
2017-06-21 15:29:00
flatpak - security update
2017-06-22 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: flatpak-0.8.7-1.fc24
2017-07-12 01:54:30
debiancve
debiancve
CVE-2017-9780
2017-06-21 15:29:00
nvd
nvd
CVE-2017-9780
2017-06-21 15:29:00
cve
cve
CVE-2017-9780
2017-06-21 15:29:00
nessus
nessus
Debian DSA-3895-1 : flatpak - security update
2017-06-23 00:00:00
Fedora 24 : flatpak (2017-6b1f07acd9)
2017-07-13 00:00:00
openSUSE Security Update : flatpak (openSUSE-2018-139)
2018-02-08 00:00:00
debian
debian
[SECURITY] [DSA 3895-1] flatpak security update
2017-06-22 17:45:31
redhatcve
redhatcve
CVE-2017-9780
2018-01-23 16:58:05
ubuntucve
ubuntucve
CVE-2017-9780
2017-06-21 00:00:00
cvelist
cvelist
CVE-2017-9780
2017-06-21 15:00:00