CVE-2015-3643
published 2017-09-28CVE-2015-3643: usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before…
PriorityP346high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EXPLOIT
EPSS
1.53%
71.6th percentile
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| usb-creator_project | usb-creator | <= 0.2.38.3 | — |
| usb-creator_project | usb-creator | <= 0.2.56.3 | — |
| usb-creator_project | usb-creator | <= 0.2.62ubuntu0.2 | — |
| usb-creator_project | usb-creator | <= 0.2.67 | — |
| usb-creator_project | usb-creator | >= 0 < 0.2.56.3ubuntu0.1 | 0.2.56.3ubuntu0.1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.04.6MEDIUMAV:L/AC:L/Au:N/C:P/I:P/A:P
osv7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-xg32-vp89-8jq5: usb-creator before 0
ghsa_unreviewed·2022-05-17
CVE-2015-3643 [HIGH] GHSA-xg32-vp89-8jq5: usb-creator before 0
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
OSV
CVE-2015-3643: usb-creator before 0
osv·2017-09-28·CVSS 7.8
CVE-2015-3643 [HIGH] CVE-2015-3643: usb-creator before 0
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
No detection rules found.
No writeups or analysis indexed.
http://www.openwall.com/lists/oss-security/2015/04/22/12http://www.openwall.com/lists/oss-security/2015/05/04/3http://www.securityfocus.com/bid/74304https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470https://usn.ubuntu.com/usn/usn-2576-1/https://usn.ubuntu.com/usn/usn-2576-2/https://www.exploit-db.com/exploits/36820/http://www.openwall.com/lists/oss-security/2015/04/22/12http://www.openwall.com/lists/oss-security/2015/05/04/3http://www.securityfocus.com/bid/74304https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470https://usn.ubuntu.com/usn/usn-2576-1/https://usn.ubuntu.com/usn/usn-2576-2/https://www.exploit-db.com/exploits/36820/
2017-09-28
Published