The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change.
References
Link | Resource |
---|---|
https://bugs.gentoo.org/641842 | Issue Tracking Third Party Advisory |
https://security.gentoo.org/glsa/201806-03 | Vendor Advisory |
https://security.gentoo.org/glsa/201904-05 |
Configurations
Configuration 1 (hide)
AND |
|
History
No history.
Information
Published : 2018-06-04 06:29
Updated : 2024-02-28 16:25
NVD link : CVE-2017-18285
Mitre link : CVE-2017-18285
CVE.ORG link : CVE-2017-18285
JSON object : View
Products Affected
gentoo
- linux
burp_project
- burp
CWE
CWE-732
Incorrect Permission Assignment for Critical Resource