Lucene search

K

Ubuntu.comUB:CVE-2013-5648

HistoryAug 29, 2013 - 12:00 a.m.

CVE-2013-5648

2013-08-2900:00:00

ubuntu.com

ubuntu.com

8

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.8%

Absolute path traversal vulnerability in the handleStartDataFile function
in DigiDocSAXParser.c in libdigidoc 3.6.0.0, as used in ID-software before
3.7.2 and other products, allows remote attackers to overwrite arbitrary
files via a filename beginning with / (slash) or \ (backslash) in a DDOC
file.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658300>

References

svnweb.mageia.org/packages/updates/3/libdigidoc/current/SOURCES/libdigidoc-3.6.0.0-security-fix-DataFile-name-tag.patch?revision=472660&view=markup

www.id.ee/?lang=en&id=34283#3_7_2

bugs.mageia.org/show_bug.cgi?id=11100

bugzilla.redhat.com/show_bug.cgi?id=1002299

launchpad.net/bugs/cve/CVE-2013-5648

nvd.nist.gov/vuln/detail/CVE-2013-5648

security-tracker.debian.org/tracker/CVE-2013-5648

www.cve.org/CVERecord?id=CVE-2013-5648

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.8%

Related for UB:CVE-2013-5648

fedora1 prion1 debiancve1 nessus2 mageia1 securityvulns2 openvas1 cve1 cvelist1 nvd1