Vulnerability Name: CVE-2015-0794 (CCN-109463)

Assigned: 2015-06-19
Published: 2015-06-19
Updated: 2020-10-05
Summary: modules.d/90crypt/module-setup.sh in the dracut package before 037-17.30.1 in openSUSE 13.2 allows local users to have unspecified impact via a symlink attack on /tmp/dracut_block_uuid.map.
CVSS v3 Severity:
5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
4.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:
Scope (S): Unchanged
Impact Metrics:
Confidentiality (C): None
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:
3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)
Exploitability Metrics:
Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:
Confidentiality (C): None
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-59
Vulnerability Consequences: File Manipulation
References:
Source: MITRE
Type: CNA
CVE-2015-0794

Source: MLIST
Type: Mailing List, Third Party Advisory
[opensuse-bugs] 20150619 [Bug 935338] dracut uses hardcoded /tmp/dracut_block_uuid.map filename - symlink attack

Source: CCN
Type: openSUSE Bug 935338
VUL-0: CVE-2015-0794: dracut: uses hardcoded /tmp/dracut_block_uuid.map filename symlink attack

Source: MLIST
Type: Mailing List, Third Party Advisory
[opensuse-bugs] 20150619 [Bug 935338] VUL-0: CVE-2015-0794: dracut: uses hardcoded /tmp/dracut_block_uuid.map filename - symlink attack

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2015:2022

Source: XF
Type: UNKNOWN
opensuse-cve20150794-symlink(109463)

Source: CCN
Type: openSUSE Web site
The makers' choice for sysadmins, developers and desktop users.

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:dracut_project:dracut:*:*:*:*:*:*:*:* (Version < 037-17.30.1)
  AND
  • cpe:/o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20150794 | V | CVE-2015-0794 | 2022-09-02
oval:org.opensuse.security:def:40424 | P | Security update for kvm (Moderate) | 2021-08-19
oval:org.opensuse.security:def:19610 | P | Security update for the Linux Kernel (Important) | 2021-07-20
oval:org.opensuse.security:def:11455 | P | rsyslog-8.4.0-2.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11616 | P | libksba8-1.3.0-9.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11474 | P | wdiff-1.2.1-3.64 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11625 | P | libmusicbrainz4-2.1.5-27.86 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11549 | P | gnutls-3.2.15-11.1 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11638 | P | libpulse-mainloop-glib0-32bit-5.0-2.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11574 | P | libX11-6-1.6.2-4.12 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12276 | P | libthai-data-0.1.25-4.2 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11325 | P | java-1_7_0-openjdk-1.7.0.65-3.7 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:12298 | P | logrotate-3.11.0-1.15 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11347 | P | libXv1-1.0.10-3.57 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11393 | P | libpython2_7-1_0-2.7.7-2.36 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11317 | P | gpgme-1.5.1-1.12 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:11440 | P | perl-YAML-LibYAML-0.38-7.61 on GA media (Moderate) | 2021-06-08
oval:org.opensuse.security:def:40996 | P | Security update for wpa_supplicant (Moderate) | 2021-02-22
oval:org.opensuse.security:def:18517 | P | Security update for ImageMagick (Moderate) | 2020-12-01
oval:org.opensuse.security:def:41041 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:52759 | P | Security update for the Linux Kernel (Live Patch 12 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:53997 | P | libXRes1 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40704 | P | Security update for openssh (Moderate) | 2020-12-01
oval:org.opensuse.security:def:55558 | P | Security update for evolution-data-server (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18603 | P | Security update for bind (Important) | 2020-12-01
oval:org.opensuse.security:def:41070 | P | Security update for java-1_8_0-openjdk (Important) | 2020-12-01
oval:org.opensuse.security:def:52781 | P | Security update for the Linux Kernel (Live Patch 14 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:18474 | P | Security update for binutils (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40880 | P | Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:55632 | P | Security update for dracut (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18661 | P | Security update for python-cryptography, python-pyOpenSSL (Important) | 2020-12-01
oval:org.opensuse.security:def:41121 | P | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:52921 | P | Security update for the Linux Kernel (Live Patch 5 for SLE 15 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:40169 | P | Security update for apache2 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40944 | P | Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP2) (Important) | 2020-12-01
oval:org.opensuse.security:def:18695 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:41759 | P | Security update for gnutls (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53159 | P | Security update for python-pip (Important) | 2020-12-01
oval:org.opensuse.security:def:40180 | P | Security update for Linux Kernel Live Patch 15 for SLE 12 SP1 (Important) | 2020-12-01
oval:org.opensuse.security:def:18936 | P | Security update for php7 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:52758 | P | Security update for the Linux Kernel (Live Patch 13 for SLE 15) (Important) | 2020-12-01
oval:org.opensuse.security:def:18733 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:41804 | P | Security update for dracut (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53332 | P | Security update for libvirt (Important) | 2020-12-01
oval:org.opensuse.security:def:40272 | P | Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) (Important) | 2020-12-01
oval:org.opensuse.security:def:18948 | P | Security update for postgresql10 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54089 | P | openslp on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18845 | P | Security update for java-1_7_1-ibm (Important) | 2020-12-01
oval:org.opensuse.security:def:53438 | P | Security update for php7 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18972 | P | Security update for expat (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54163 | P | busybox on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:40168 | P | Security update for MozillaFirefox, mozilla-nss (Important) | 2020-12-01
oval:org.opensuse.security:def:18878 | P | Security update for soundtouch (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53604 | P | Security update for cups (Important) | 2020-12-01
oval:org.opensuse.security:def:40533 | P | Security update for texlive (Important) | 2020-12-01
oval:org.opensuse.security:def:54201 | P | gdk-pixbuf-lang on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:18482 | P | Security update for libapr-util1 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:53889 | P | Security update for MozillaThunderbird (Important) | 2020-12-01
oval:org.opensuse.security:def:40602 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:19636 | P | Security update for dracut (Moderate) | 2020-12-01
oval:org.opensuse.security:def:54282 | P | libmikmod3 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:78266 | P | Security update for dracut (Moderate) | 2015-11-20
oval:com.ubuntu.cosmic:def:201507940000000 | V | CVE-2015-0794 on Ubuntu 18.10 (cosmic) - low. | 2015-11-19
oval:com.ubuntu.artful:def:20150794000 | V | CVE-2015-0794 on Ubuntu 17.10 (artful) - low. | 2015-11-19
oval:com.ubuntu.trusty:def:20150794000 | V | CVE-2015-0794 on Ubuntu 14.04 LTS (trusty) - low. | 2015-11-19
oval:com.ubuntu.bionic:def:201507940000000 | V | CVE-2015-0794 on Ubuntu 18.04 LTS (bionic) - low. | 2015-11-19
oval:com.ubuntu.bionic:def:20150794000 | V | CVE-2015-0794 on Ubuntu 18.04 LTS (bionic) - low. | 2015-11-19
oval:com.ubuntu.xenial:def:20150794000 | V | CVE-2015-0794 on Ubuntu 16.04 LTS (xenial) - low. | 2015-11-19
oval:com.ubuntu.xenial:def:201507940000000 | V | CVE-2015-0794 on Ubuntu 16.04 LTS (xenial) - low. | 2015-11-19
oval:com.ubuntu.cosmic:def:20150794000 | V | CVE-2015-0794 on Ubuntu 18.10 (cosmic) - low. | 2015-11-19
oval:com.ubuntu.precise:def:20150794000 | V | CVE-2015-0794 on Ubuntu 12.04 LTS (precise) - low. | 2015-11-19
    dracut_project dracut *
    opensuse opensuse 13.2
    suse linux enterprise server 11 sp1