Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-15108

spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.

Published

2018-01-20T00:29:00.407

Last Modified

2024-11-21T03:14:05.393

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-78
Type: Secondary
CWE-78

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	spice-space	spice-vdagent	≤ 0.17.0	Yes
Operating System	debian	debian_linux	9.0	Yes

References

https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 Patch, Third Party Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html Mailing List, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201804-09 Third Party Advisory ([email protected])
https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201804-09 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)