CVE-2016-4036 — Incorrect Permission Assignment in Leap

CWE-264 CWE-732 — Incorrect Permission Assignment7 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.0%

top 87.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Quagga Opensuse Leap Opensuse

Timeline

PublishedApr 18

Latest updateMay 14

Description

The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux Enterprise Server 11 SP 1 uses weak permissions for /etc/quagga, which allows local users to obtain sensitive information by reading files in the directory.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶Ubuntuquagga/quagga< 0.99.22.4-3ubuntu1.2+1

▶NVDopensuse/leap42.1

▶NVDopensuse/opensuse13.2

🔴Vulnerability Details

GHSA

GHSA-mcf9-56wg-9grv: The quagga package before 0↗2022-05-14

▶

OSV

quagga vulnerabilities↗2016-10-13

▶

OSV

CVE-2016-4036: The quagga package before 0↗2016-04-18

▶

📋Vendor Advisories

Ubuntu

Quagga vulnerabilities↗2016-10-13

▶

Red Hat

quagga: Wrong permissions allowing information leak↗2016-08-23

▶

💬Community

Bugzilla

CVE-2016-4036 quagga: Wrong permissions allowing information leak↗2016-08-26

▶