← voltar
CVE-2017-15288

CVE-2017-15288

EPSS 0.4%
The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, and 2.12.x before 2.12.4 uses weak permissions for private files in /tmp/scala-devel/${USER:shared}/scalac-compile-server-port, which allows local users to write to arbitrary class files and consequently gain privileges.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://scala-lang.org/news/security-update-nov17.htmlhttps://github.com/scala/scala/pull/6108https://github.com/scala/scala/pull/6120https://github.com/scala/scala/pull/6128https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932885459b74d1e4272%40%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Ehttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Ehttps://lists.apache.org/thread.html/r10dd8e5b3bbe3bb531aa4a65472ce56f91efbb77ea9fe04bb8272e2c%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r18a05115cfa078c0f4e5c1ea2e8d64804f63e0095aa2174a3afecc0f%40%3Cjira.kafka.apache.org%3Ehttps://lists.apache.org/thread.html/r1d51eae81ceb7bfd1780936a48b460ab31d53ff2ed526a88a7f60fe4%40%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/r32e0b1d5ff43ac3ed4b179a4e663022d1c5ccac77884a99ea149e633%40%3Ccommits.druid.apache.org%3E