CVE-2016-9956: Improper Access Control in FlightGear

Severity: 7.5 HIGH (NVD)
EPSS: 1.9% (top 16.80%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Feb 22
Latest update: May 17

Description

The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/flightgear < flightgear 1:2016.4.3+dfsg-1 (bookworm) (+1)
Debian: flightgear/flightgear < 1:2016.4.3+dfsg-1 (+7)
NVD: flightgear/flightgear 2016.4.3 (+1)

Also affects: Debian Linux 8.0, Fedora 24, 25

Patches

🔴 Vulnerability Details (4)

GHSA: GHSA-cm86-qqq5-r5v2: In FlightGear before 2017 (2022-05-17)
GHSA: GHSA-gx42-hf7v-vhvg: The route manager in FlightGear before 2016 (2022-05-13)
OSV: CVE-2017-8921: In FlightGear before 2017 (2017-05-12)
OSV: CVE-2016-9956: The route manager in FlightGear before 2016 (2017-02-22)

📋 Vendor Advisories (3)

Ubuntu: FlightGear vulnerability (2020-10-19)
Debian: CVE-2017-8921: flightgear - In FlightGear before 2017.2.1, the FGCommand interface allows overwriting any fi... (2017)
Debian: CVE-2016-9956: flightgear - The route manager in FlightGear before 2016.4.4 allows remote attackers to write... (2016)

💬 Community (2)

Bugzilla: CVE-2016-9956 FlightGear: Route manager allows overwrite of arbitrary files (2016-12-16)
Bugzilla: CVE-2016-9956 FlightGear: Route manager allows overwrite of arbitrary files [fedora-all] (2016-12-16)