CVE-2016-4007

Sažetak

Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip with "illegal options."

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00046.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00049.html
http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00050.html
http://lists.opensuse.org/opensuse-security-announce/2016-07/msg00019.html
https://build.opensuse.org/request/show/361096

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

30-10-2018 - 16:27

Objavljeno

13-04-2016 - 14:59