CVE-2022-2787 — Improper Preservation of Permissions in Schroot

CWE-281 — Improper Preservation of Permissions5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.4%

top 39.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Schroot Debian Linux

Timeline

PublishedAug 27

Latest updateAug 29

Description

Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages4 packages

▶CVEListV5debian/schrootunspecified — 1.6.13

▶NVDdebian/schroot< 1.6.13

▶debiandebian/schroot< schroot 1.6.12-2 (bookworm)

▶Debiandebian/schroot< 1.6.10-12+deb11u1+3

Also affects: Debian Linux 10.0, 11.0

Patches

Patch: codeberg.org ↗Patch: codeberg.org ↗

🔴Vulnerability Details

GHSA

GHSA-pmr6-f78j-pq2c: Schroot before 1↗2022-08-28

▶

OSV

CVE-2022-2787: Schroot before 1↗2022-08-27

▶

📋Vendor Advisories

Ubuntu

Schroot vulnerability↗2022-08-29

▶

Debian

CVE-2022-2787: schroot - Schroot before 1.6.13 had too permissive rules on chroot or session names, allow...↗2022

▶