Lucene search

Ubuntu.comUB:CVE-2023-33865

HistoryJun 07, 2023 - 12:00 a.m.

CVE-2023-33865

2023-06-0700:00:00

ubuntu.com

cve-2023-33865 renderdoc local privilege escalation /tmp directory symlink attack bugs debian unix

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

RenderDoc before 1.27 allows local privilege escalation via a symlink
attack. It relies on the /tmp/RenderDoc directory regardless of ownership.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1037208>

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchrenderdoc< anyUNKNOWN
ubuntu22.04noarchrenderdoc< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	renderdoc	< any	UNKNOWN
ubuntu	22.04	noarch	renderdoc	< any	UNKNOWN

References

github.com/baldurk/renderdoc/commit/1f72a09e3b4fd8ba45be4b0db4889444ef5179e2 (v1.27)

github.com/baldurk/renderdoc/commit/203fc8382a79d53d2035613d9425d966b1d4958e (v1.27)

github.com/baldurk/renderdoc/commit/601ed56111ce3803d8476d438ade1c92d6092856 (v1.27)

github.com/baldurk/renderdoc/commit/771aa8e769b72e6a36b31d6e2116db9952dcbe9b (v1.27)

github.com/baldurk/renderdoc/commit/e0464fea4f9a7f149c4ee1d84e5ac57839a4a862 (v1.27)

launchpad.net/bugs/cve/CVE-2023-33865

nvd.nist.gov/vuln/detail/CVE-2023-33865

renderdoc.org/

security-tracker.debian.org/tracker/CVE-2023-33865

www.cve.org/CVERecord?id=CVE-2023-33865

www.openwall.com/lists/oss-security/2023/06/06/3

www.qualys.com/2023/06/06/renderdoc/renderdoc.txt

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

9.8%

JSON

Related for UB:CVE-2023-33865