Vulnerability CVE-2018-12476

Vulnerability Name:

CVE-2018-12476 (CCN-175621)

Assigned:

2018-09-11

Published:

2018-09-11

Updated:

2020-02-05

Summary:

Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE Linux Enterprise Server 15; openSUSE Factory allows remote attackers with control over a repository to overwrite files on the machine of the local user if a malicious service is executed. This issue affects: SUSE Linux Enterprise Server 15 obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74:. openSUSE Factory obs-service-tar_scm versions prior to 0.9.2.1537788075.fefaa74.

CVSS v3 Severity:

7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): High Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

File Manipulation

References:

Source: MITRE
Type: CNA
CVE-2018-12476

Source: CCN
Type: Bugzilla - Bug 1107944
(CVE-2018-12476) VUL-0: CVE-2018-12476: obs-service-extract_file: outfilename parameter allows to write files outside of package directory

Source: CONFIRM
Type: Issue Tracking, Patch, Vendor Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1107944

Source: XF
Type: UNKNOWN
suse-cve201812476-dir-traversal(175621)

Source: CCN
Type: SUSE Web site
Open Source Solutions for Enterprise Servers, Cloud & Storage

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2018-12476

Vulnerable Configuration:

Configuration 1:

cpe:/a:suse:obs-service-tar_scm:*:*:*:*:*:*:*:* (Version < 0.9.2.1537788075.fefaa74)

AND

cpe:/o:suse:suse_linux_enterprise_server:15:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:suse:obs-service-tar_scm:*:*:*:*:*:*:*:* (Version < 0.9.2.1537788075.fefaa74)

AND

cpe:/o:suse:opensuse_factory:-:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:suse:linux_enterprise_server:-:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:201812476	V	CVE-2018-12476	2022-09-01
oval:org.opensuse.security:def:3353	P	rpcbind-0.2.3-24.9.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3365	P	shim-14-25.6.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:113047	P	obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:10442	P	Security update for java-1_8_0-ibm (Important) (in QA)	2022-01-04
oval:org.opensuse.security:def:10699	P	Security update for strongswan (Important)	2021-10-19
oval:org.opensuse.security:def:106487	P	obs-service-appimage-0.10.28.1632141620.a8837d3-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:11423	P	mozilla-nspr-32bit-4.10.7-1.13 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11401	P	libsmi-0.4.8-18.63 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:10674	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:51736	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:10599	P	Security update for MozillaThunderbird (Important)	2021-01-29
oval:org.opensuse.security:def:49142	P	Security update for slurm (Important)	2021-01-18
oval:org.opensuse.security:def:16937	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:4101	P	obs-service-appimage-0.10.6.1551887937.e42c270-1.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:2675	P	Security update for MozillaFirefox, mozilla-nspr and mozilla-nss (Important)	2020-12-02
oval:org.opensuse.security:def:2666	P	Security update for MozillaFirefox (Important)	2020-12-02
oval:org.opensuse.security:def:2715	P	Security update for ImageMagick (Moderate)	2020-12-02
oval:org.opensuse.security:def:2713	P	Security update for python (Important)	2020-12-02
oval:org.opensuse.security:def:2660	P	Security update for tiff (Moderate)	2020-12-02
oval:org.opensuse.security:def:2646	P	Security update for webkit2gtk3 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2634	P	Security update for exiv2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:2624	P	Security update for cni, cni-plugins, conmon, fuse-overlayfs, podman (Moderate)	2020-12-02
oval:org.opensuse.security:def:2705	P	Security update for webkit2gtk3 (Important)	2020-12-02
oval:org.opensuse.security:def:2628	P	Security update for cni-plugins (Moderate)	2020-12-02
oval:org.opensuse.security:def:2699	P	Security update for SDL2 (Moderate)	2020-12-02
oval:org.opensuse.security:def:10565	P	libxml2-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49160	P	libbsd-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50356	P	Security update for perl (Moderate)	2020-12-01
oval:org.opensuse.security:def:50131	P	nodejs12 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10518	P	libmms-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:51798	P	Security update for obs-service-tar_scm (Important)	2020-12-01
oval:org.opensuse.security:def:49893	P	pam-modules on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10472	P	libXp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10750	P	libjbig-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49736	P	dpkg on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10450	P	gstreamer-0_10-plugins-bad-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50460	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:50291	P	Security update for qemu (Moderate)	2020-12-01
oval:org.opensuse.security:def:49638	P	gvfs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50387	P	Security update for python3 (Moderate)	2020-12-01
oval:org.opensuse.security:def:49492	P	vino on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10741	P	libguestfs-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10580	P	openslp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49287	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:49141	P	libXdmcp-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:10763	P	libneon-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:50221	P	colord-gtk-lang on GA media (Moderate)	2020-12-01

BACK