Lucene search

Ubuntu.comUB:CVE-2017-2390

HistoryApr 02, 2017 - 12:00 a.m.

CVE-2017-2390

2017-04-0200:00:00

ubuntu.com

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

An issue was discovered in certain Apple products. iOS before 10.3 is
affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected.
watchOS before 3.2 is affected. The issue involves symlink mishandling in
the “libarchive” component. It allows local users to change arbitrary
directory permissions via unspecified vectors.

Notes

Author	Note
mdeslaur	possibly apple-specific, no details marking as not-affected due to lack of details as of 2018-03-27

References

launchpad.net/bugs/cve/CVE-2017-2390

nvd.nist.gov/vuln/detail/CVE-2017-2390

security-tracker.debian.org/tracker/CVE-2017-2390

support.apple.com/HT207601

support.apple.com/HT207602

support.apple.com/HT207615

support.apple.com/HT207617

www.cve.org/CVERecord?id=CVE-2017-2390

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2017-2390