CVE-2017-15288
published 2017-11-15CVE-2017-15288: The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in…
PriorityP339high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.38%
29.3th percentile
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | scala | < scala 2.11.12-1 (bookworm) | scala 2.11.12-1 (bookworm) |
| scala-lang | scala | < 2.10.7 | 2.10.7 |
| scala-lang | scala | >= 0 < 2.11.12-1 | 2.11.12-1 |
| scala-lang | scala | >= 0 < 2.11.12-1 | 2.11.12-1 |
| scala-lang | scala | >= 0 < 2.11.12-1 | 2.11.12-1 |
| scala-lang | scala | >= 0 < 2.11.12-1 | 2.11.12-1 |
| scala-lang | scala | >= 2.11.0 < 2.11.12 | 2.11.12 |
| scala-lang | scala | >= 2.12.0 < 2.12.4 | 2.12.4 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8LOW
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
High severity vulnerability that affects org.scala-lang:scala-compiler
ghsa·2018-10-19
CVE-2017-15288 [HIGH] CWE-732 High severity vulnerability that affects org.scala-lang:scala-compiler
High severity vulnerability that affects org.scala-lang:scala-compiler
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
OSV
High severity vulnerability that affects org.scala-lang:scala-compiler
osv·2018-10-19
CVE-2017-15288 [HIGH] High severity vulnerability that affects org.scala-lang:scala-compiler
High severity vulnerability that affects org.scala-lang:scala-compiler
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
OSV
CVE-2017-15288: The compilation daemon in Scala before 2
osv·2017-11-15·CVSS 7.8
CVE-2017-15288 [HIGH] CVE-2017-15288: The compilation daemon in Scala before 2
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Red Hat
scala: Privilege escalation in Scala compilation daemon
vendor_redhat·2017-11-13·CVSS 7.8
CVE-2017-15288 [HIGH] CWE-377 scala: Privilege escalation in Scala compilation daemon
scala: Privilege escalation in Scala compilation daemon
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Mitigation: 1. Use "scala -nocompdaemon MyScript.scala" rather than "scala MyScript.scala" to disable the implicit startup and use of the daemon.
2. Avoid explicitly starting fsc.
This text is borrowed from the upstream security advisory.
Package: scala-compiler (JBoss Developer Studio 10) - Not affected
Package: scala-library (JBoss Developer Studio 10) - Not affected
Package: scala-library (JBoss Developer Studio 8) - Not affected
Package: s
Debian
CVE-2017-15288: scala - The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x...
vendor_debian·2017·CVSS 7.8
CVE-2017-15288 [HIGH] CVE-2017-15288: scala - The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x...
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Scope: local
bookworm: resolved (fixed in 2.11.12-1)
bullseye: resolved (fixed in 2.11.12-1)
forky: resolved (fixed in 2.11.12-1)
sid: resolved (fixed in 2.11.12-1)
trixie: resolved (fixed in 2.11.12-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-15288 scala: Privilege escalation in Scala compilation daemon
bugzilla·2017-11-23·CVSS 7.8
CVE-2017-15288 [HIGH] CVE-2017-15288 scala: Privilege escalation in Scala compilation daemon
CVE-2017-15288 scala: Privilege escalation in Scala compilation daemon
A flaw was found in Scala versions 2.1.6-2.10.6; 2.11.0-2.11.11; 2.12.0-2.12.3. An insecure use of temporary files may permit privilege escalation through the compile daemon leading to code execution and arbitrary class files writing as the user that started the daemon.
Upstream bug:
https://github.com/scala/scala/pull/6108
Upstream patch:
https://github.com/scala/scala/pull/6108/commits/b64ad85d1cfdfff29d0836a66736d6d2b0830c0e
References:
http://scala-lang.org/news/security-update-nov17.html
Discussion:
Created scala tracking bugs for this issue:
Affects: fedora-all [bug 1516916]
---
Mitigation:
1. Use "scala -nocompdaemon MyScript.scala" rather than "scala MyScript.scala" to disable the implicit startup a
Bugzilla
CVE-2017-15288 scala: Privilege escalation in Scala compilation daemon [fedora-all]
bugzilla·2017-11-23·CVSS 7.8
CVE-2017-15288 [HIGH] CVE-2017-15288 scala: Privilege escalation in Scala compilation daemon [fedora-all]
CVE-2017-15288 scala: Privilege escalation in Scala compilation daemon [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ve
http://scala-lang.org/news/security-update-nov17.htmlhttps://github.com/scala/scala/pull/6108https://github.com/scala/scala/pull/6120https://github.com/scala/scala/pull/6128https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r10dd8e5b3bbe3bb531aa4a65472ce56f91efbb77ea9fe04bb8272e2c%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r18a05115cfa078c0f4e5c1ea2e8d64804f63e0095aa2174a3afecc0f%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r1d51eae81ceb7bfd1780936a48b460ab31d53ff2ed526a88a7f60fe4%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/r32e0b1d5ff43ac3ed4b179a4e663022d1c5ccac77884a99ea149e633%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/r33665e9213cc6df1e48c3d99d1b0c7a3203e9bd0ef4fc4ba838bcb04%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r3f10022ec972c8df29a950d1a591c16562eeddd9194d3010e46b9b76%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r5a1418a4f5101f5af3fc14bf358c54f2c7200e6a3701de2e2f581e1b%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r628ea3ea2fed4d9c1c5232a0b1ed108a15abc9fd2f0aaca1e8cc9164%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/re72f4d04dfc398aae0e38dbfeccf44780df2782623a610cbfcec6f3a%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rf57e4d7211b30e51803911304f3b7b54393f7a4bd60bb0784c31eec1%40%3Cjira.kafka.apache.org%3Ehttps://security.gentoo.org/glsa/201812-08http://scala-lang.org/news/security-update-nov17.htmlhttps://github.com/scala/scala/pull/6108https://github.com/scala/scala/pull/6120https://github.com/scala/scala/pull/6128https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r10dd8e5b3bbe3bb531aa4a65472ce56f91efbb77ea9fe04bb8272e2c%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r18a05115cfa078c0f4e5c1ea2e8d64804f63e0095aa2174a3afecc0f%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r1d51eae81ceb7bfd1780936a48b460ab31d53ff2ed526a88a7f60fe4%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/r32e0b1d5ff43ac3ed4b179a4e663022d1c5ccac77884a99ea149e633%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/r33665e9213cc6df1e48c3d99d1b0c7a3203e9bd0ef4fc4ba838bcb04%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r3f10022ec972c8df29a950d1a591c16562eeddd9194d3010e46b9b76%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r5a1418a4f5101f5af3fc14bf358c54f2c7200e6a3701de2e2f581e1b%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r628ea3ea2fed4d9c1c5232a0b1ed108a15abc9fd2f0aaca1e8cc9164%40%3Cdev.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/re72f4d04dfc398aae0e38dbfeccf44780df2782623a610cbfcec6f3a%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/rf57e4d7211b30e51803911304f3b7b54393f7a4bd60bb0784c31eec1%40%3Cjira.kafka.apache.org%3Ehttps://security.gentoo.org/glsa/201812-08
2017-11-15
Published