CVE-2015-1378

moderate-risk
Published 2017-08-07

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.

Do I need to act?

-
0.40% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (10)

Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap
Grml-Debootstrap

Affected Vendors

Grml

References (10)

Third Party Advisory http://cve.killedkenny.io/cve/CVE-2015-1378
Mailing List http://www.openwall.com/lists/oss-security/2015/01/27/17
Issue Tracking https://github.com/grml/grml-debootstrap/issues/59
Third Party Advisory https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1378.html
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2015-1378/
Third Party Advisory http://cve.killedkenny.io/cve/CVE-2015-1378
Mailing List http://www.openwall.com/lists/oss-security/2015/01/27/17
Issue Tracking https://github.com/grml/grml-debootstrap/issues/59
Third Party Advisory https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1378.html
Third Party Advisory https://security-tracker.debian.org/tracker/CVE-2015-1378/
43
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 1/34 · Minimal
Exposure 16/34 · Moderate