7.5

CVE-2016-7162

Exploit
The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CanonicalUbuntu Linux Version14.04 SwEditionlts
CanonicalUbuntu Linux Version16.04 SwEditionlts
File Roller ProjectFile Roller Version3.5.4 SwPlatformgnome
File Roller ProjectFile Roller Version3.6.0 SwPlatformgnome
File Roller ProjectFile Roller Version3.6.1 SwPlatformgnome
File Roller ProjectFile Roller Version3.6.1.1 SwPlatformgnome
File Roller ProjectFile Roller Version3.6.2 SwPlatformgnome
File Roller ProjectFile Roller Version3.6.3 SwPlatformgnome
File Roller ProjectFile Roller Version3.6.4 SwPlatformgnome
File Roller ProjectFile Roller Version3.8.0 SwPlatformgnome
File Roller ProjectFile Roller Version3.8.1 SwPlatformgnome
File Roller ProjectFile Roller Version3.8.2 SwPlatformgnome
File Roller ProjectFile Roller Version3.8.3 SwPlatformgnome
File Roller ProjectFile Roller Version3.9.0 SwPlatformgnome
File Roller ProjectFile Roller Version3.9.1 SwPlatformgnome
File Roller ProjectFile Roller Version3.9.2 SwPlatformgnome
File Roller ProjectFile Roller Version3.9.3 SwPlatformgnome
File Roller ProjectFile Roller Version3.10 SwPlatformgnome
File Roller ProjectFile Roller Version3.15 SwPlatformgnome
File Roller ProjectFile Roller Version3.20 SwPlatformgnome
File Roller ProjectFile Roller Version3.20.1 SwPlatformgnome
File Roller ProjectFile Roller Version3.20.2 SwPlatformgnome
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.33% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
Third Party Advisory
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news
Broken Link
http://www.openwall.com/lists/oss-security/2016/09/08/4
Third Party Advisory
Mailing List
http://www.securityfocus.com/bid/92896
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3074-1
Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=698554
Exploit
Issue Tracking
https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5
Patch