CVE-2016-1505 - OpenCVE

The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Microsoft	Windows
Radicale	Radicale

Configuration 1 [-]

AND

cpe:2.3:a:radicale:radicale:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2016/01/05/7
http://www.openwall.com/lists/oss-security/2016/01/06/4
http://www.openwall.com/lists/oss-security/2016/01/06/7
http://www.openwall.com/lists/oss-security/2016/01/07/7
http://www.securityfocus.com/bid/80255
https://github.com/Kozea/Radicale/pull/343	Patch
https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2016-02-03T15:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-01-07T00:00:00

Link: CVE-2016-1505

JSON object: View

NVD Information

Status : Modified

Published: 2016-02-03T18:59:07.807

Modified: 2016-11-28T19:59:55.070

Link: CVE-2016-1505

JSON object: View

Redhat Information

No data.

CWE

CWE-21

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20160106 Re: CVE request for radicale", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/06/7"}, {"name": "80255", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/80255"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6"}, {"name": "[oss-security] 20160105 CVE request for radicale", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/05/7"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Kozea/Radicale/pull/343"}, {"name": "[oss-security] 20160106 Re: CVE request for radicale", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/06/4"}, {"name": "[oss-security] 20160107 Re: CVE request for radicale", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/01/07/7"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-1505", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20160106 Re: CVE request for radicale", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/06/7"}, {"name": "80255", "refsource": "BID", "url": "http://www.securityfocus.com/bid/80255"}, {"name": "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6", "refsource": "CONFIRM", "url": "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6"}, {"name": "[oss-security] 20160105 CVE request for radicale", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/05/7"}, {"name": "https://github.com/Kozea/Radicale/pull/343", "refsource": "CONFIRM", "url": "https://github.com/Kozea/Radicale/pull/343"}, {"name": "[oss-security] 20160106 Re: CVE request for radicale", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/06/4"}, {"name": "[oss-security] 20160107 Re: CVE request for radicale", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/01/07/7"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-1505", "datePublished": "2016-02-03T15:00:00", "dateReserved": "2016-01-07T00:00:00", "dateUpdated": "2016-11-25T19:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:radicale:radicale:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DEE81B3-0AB4-4246-9FE5-DD483A5157A2", "versionEndIncluding": "1.0.1", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore."}, {"lang": "es", "value": "El backened de almacenamiento del sistema de archivos en Radicale en versiones anteriores a 1.1 en Windows permite a atacantes remotos leer o escribir en archivos arbitrarios a trav\u00e9s de una ruta manipulada, seg\u00fan lo demostrado por /c:/file/ignore."}], "id": "CVE-2016-1505", "lastModified": "2016-11-28T19:59:55.070", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.8, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2016-02-03T18:59:07.807", "references": [{"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/05/7"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/06/4"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/06/7"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2016/01/07/7"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/80255"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/Kozea/Radicale/pull/343"}, {"source": "cve@mitre.org", "url": "https://github.com/Unrud/Radicale/commit/b4b3d51f33c7623d312f289252dd7bbb8f58bbe6"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-21"}], "source": "nvd@nist.gov", "type": "Primary"}]}