CVE-2016-9595

CWE-377 CWE-595 documents5 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 87.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Theforeman Katello Foreman Katello-debug Redhat Satellite +1 more

Timeline

PublishedJul 27

Latest updateMay 13

Description

A flaw was found in katello-debug before 3.4.0 where certain scripts and log files used insecure temporary files. A local user could exploit this flaw to conduct a symbolic-link attack, allowing them to overwrite the contents of arbitrary files.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages4 packages

▶CVEListV5foreman/katello-debug3.4.0

▶NVDtheforeman/katello< 3.4.0

▶NVDredhat/satellite6.3

▶NVDredhat/satellite_capsule6.3

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-4fx8-jx6v-vjhj: A flaw was found in katello-debug before 3↗2022-05-13

▶

CVEList

CVE-2016-9595: A flaw was found in katello-debug before 3↗2018-07-27

▶

📋Vendor Advisories

Red Hat

katello-debug: Possible symlink attacks due to use of predictable file names↗2016-12-21

▶

💬Community

Bugzilla

CVE-2016-9595 katello-debug: Possible symlink attacks due to use of predictable file names↗2016-12-21

▶