Lucene search
Redhat.comRH:CVE-2017-15288HistoryNov 23, 2017 - 3:19 p.m.
CVE-2017-15288
2017-11-2315:19:33
redhat.com
access.redhat.com
10
0.0004 Low
EPSS
Percentile
10.1%
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Mitigation
1. Use "scala -nocompdaemon MyScript.scala" rather than "scala MyScript.scala" to disable the implicit startup and use of the daemon.
2. Avoid explicitly starting fsc.
This text is borrowed from the upstream security advisory.
Related
zdt
zdt
Scala 2.x Privilege Escalation Vulnerability
2017-11-15 00:00:00
nessus
nessus
GLSA-201812-08 : Scala: Privilege escalation
2018-12-17 00:00:00
osv
osv
High severity vulnerability that affects org.scala-lang:scala-compiler
2018-10-19 16:51:11
CVE-2017-15288
2017-11-15 16:29:00
cve
cve
CVE-2017-15288
2017-11-15 16:29:00
ubuntucve
ubuntucve
CVE-2017-15288
2017-11-15 00:00:00
debiancve
debiancve
CVE-2017-15288
2017-11-15 16:29:00
nvd
nvd
CVE-2017-15288
2017-11-15 16:29:00
github
github
High severity vulnerability that affects org.scala-lang:scala-compiler
2018-10-19 16:51:11
ibm
ibm
prion
prion
Design/Logic Flaw
2017-11-15 16:29:00
gentoo
gentoo
Scala: Privilege escalation
2018-12-15 00:00:00
veracode
veracode
Arbitrary Code Execution
2017-11-15 07:13:26
cvelist
cvelist
CVE-2017-15288
2017-11-15 16:00:00