6 matches found
Ubuntu click privilege acquisition vulnerability
Ubuntu is a desktop-oriented GNU/Linux operating system developed by Canonical and the Ubuntu Foundation. Ubuntu LTS is the long-term support version of Ubuntu. click is one of the filesystems in which third-party applications are installed in a simplified packaging format. A security vulnerability...
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
Code injection
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
CVE-2015-8768
click/install.py in click does not require files in package filesystem tarballs to start with ./ (dot slash), which allows remote attackers to install an alternate security policy and gain privileges via a crafted package, as demonstrated by the test.mmrow app for Ubuntu phone...
CVE-2015-8768
The CVE concerns the Python-based Click package (install.py) where file names in tarballs are not required to start with ./, enabling a crafted package to bypass checks and install an alternate security policy, potentially elevating privileges. Affected component: click/install.py; context mentio...