2017-08-19
ALT-BU-2017-3309-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Published: 2017-08-18
BDU:2018-00104
A vulnerability in the Augeas configuration file editing tool, caused by an operation exceeding the bounds of a memory buffer, which allows an attacker to execute arbitrary code or cause a denial of service
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2017-08-17
Modified: 2025-04-20
CVE-2017-7555
Augeas versions up to and including 1.8.0 are vulnerable to a heap-based buffer overflow due to improper handling of escaped strings. An attacker could send crafted strings that would cause the application using Augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Severity: CRITICAL (9.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.debian.org/security/2017/dsa-3949
- http://www.securityfocus.com/bid/100378
- https://access.redhat.com/errata/RHSA-2017:2788
- https://access.redhat.com/errata/RHSA-2019:2403
- https://github.com/hercules-team/augeas/pull/480
- https://puppet.com/security/cve/cve-2017-7555
Closed bugs
Located in the wrong menu section