openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).
References
Link | Resource |
---|---|
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168841.html | Third Party Advisory |
http://openhpi.org/Changelogs/3.6.0 | Release Notes Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1233521 | Issue Tracking Third Party Advisory VDB Entry |
Configurations
History
12 Feb 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption). |
02 Feb 2023, 14:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | It was found that the "/var/lib/openhpi" directory provided by OpenHPI used world-writeable and world-readable permissions. A local user could use this flaw to view, modify, and delete OpenHPI-related data, or even fill up the storage device hosting the /var/lib directory. |
Information
Published : 2017-09-26 15:29
Updated : 2023-12-10 12:15
NVD link : CVE-2015-3248
Mitre link : CVE-2015-3248
CVE.ORG link : CVE-2015-3248
JSON object : View
Products Affected
openhpi
- openhpi
CWE
CWE-400
Uncontrolled Resource Consumption