CVE-2017-9780
published 2017-06-21CVE-2017-9780: In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or…
PriorityP336high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.36%
27.4th percentile
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | flatpak | < flatpak 0.8.7-1 (bookworm) | flatpak 0.8.7-1 (bookworm) |
| flatpak | flatpak | <= 0.8.6 | — |
| flatpak | flatpak | >= 0 < 0.8.7-1 | 0.8.7-1 |
| flatpak | flatpak | >= 0 < 0.8.7-1 | 0.8.7-1 |
| flatpak | flatpak | >= 0 < 0.8.7-1 | 0.8.7-1 |
| flatpak | flatpak | >= 0 < 0.8.7-1 | 0.8.7-1 |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.8HIGH
vendor_debian7.8HIGH
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
flatpak: Privilege escalation via setuid/world-writable file permissions
vendor_redhat·2017-06-12·CVSS 7.8
CVE-2017-9780 [HIGH] CWE-270 flatpak: Privilege escalation via setuid/world-writable file permissions
flatpak: Privilege escalation via setuid/world-writable file permissions
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
Package: flatpak (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2017-9780: flatpak - In Flatpak before 0.8.7, a third-party app repository could include malicious ap...
vendor_debian·2017·CVSS 7.8
CVE-2017-9780 [HIGH] CVE-2017-9780: flatpak - In Flatpak before 0.8.7, a third-party app repository could include malicious ap...
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
Scope: local
bookworm: resolved (fixed in 0.8.7-1)
bullseye: resolved (fixed in 0.8.7-1)
forky: resolved (fixed in 0.8.7-1)
sid: resolved (fixed in 0.8.7-1)
trixie: resolved (fixed in 0.8.7-1)
GHSA
GHSA-jchq-9f4q-gvc5: In Flatpak before 0
ghsa_unreviewed·2022-05-13
CVE-2017-9780 [HIGH] CWE-732 GHSA-jchq-9f4q-gvc5: In Flatpak before 0
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
OSV
CVE-2017-9780: In Flatpak before 0
osv·2017-06-21·CVSS 7.8
CVE-2017-9780 [HIGH] CVE-2017-9780: In Flatpak before 0
In Flatpak before 0.8.7, a third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions
bugzilla·2017-06-26·CVSS 7.8
CVE-2017-9780 [HIGH] CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions
CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions
A vulnerability was found in Flatpak. A third-party app repository could include malicious apps that contain files with inappropriate permissions, for example setuid or world-writable. The files are deployed with those permissions, which would let a local attacker run the setuid executable or write to the world-writable location. In the case of the "system helper" component, files deployed as part of the app are owned by root, so in the worst case they could be setuid root.
Upstream issue:
https://github.com/flatpak/flatpak/issues/845
Discussion:
Acknowledgments:
Name: Colin Walters (Red Hat)
---
Created flatpak tracking bugs for this issue:
Affects: fedora-24 [bug 1465027]
---
References:
ht
Bugzilla
CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions [fedora-24]
bugzilla·2017-06-26·CVSS 7.8
CVE-2017-9780 [HIGH] CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions [fedora-24]
CVE-2017-9780 flatpak: Privilege escalation via setuid/world-writable file permissions [fedora-24]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-24.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Use the following t
http://www.debian.org/security/2017/dsa-3895http://www.securityfocus.com/bid/99346https://bugs.debian.org/865413https://github.com/flatpak/flatpak/issues/845http://www.debian.org/security/2017/dsa-3895http://www.securityfocus.com/bid/99346https://bugs.debian.org/865413https://github.com/flatpak/flatpak/issues/845
2017-06-21
Published