EUVD-2017-18709

Malware in sbrugna...

Design/Logic Flaw

OCaml compiler allows attackers to have unspecified impact via unknown vectors, a similar issue to CVE-2017-9772 "but with much less impact."...

Fedora 26 : ocaml (2017-64f47504e4)

Fix: ocaml: Insufficient sanitisation allows privilege escalation for setuid binaries CVE-2017-9772 RHBZ1464920. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format...

Security fix for the ALT Linux 8 package ocaml version 4.04.2-alt1.M80P.1

4.04.2-alt1.M80P.1 built July 12, 2017 Anton Farygin in task 185295 --- July 4, 2017 Anton Farygin - new version with security fixes: + CVE-2017-9772 Local privilege escalation issue with ocaml binaries...

UBUNTU-CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAMLCPLUGINS, CAMLNATIVECPLUGINS, or CAMLBYTECPLUGINS environment variable...

CVE-2017-9772

OCaml CVE-2017-9772: Insufficient sanitisation in OCaml compiler versions 4.04.0/4.04.1 allows local privilege escalation by setting CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variables. Affected: OCaml compiler; impact: privilege escalation on setuid binaries. Remedia...