The route manager in FlightGear before 2016.4.4 allows remote attackers to write to arbitrary files via a crafted Nasal script.
References
Link | Resource |
---|---|
http://www.debian.org/security/2016/dsa-3742 | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/12/14/11 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/12/15/10 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/12/16/5 | Mailing List Third Party Advisory |
http://www.securityfocus.com/bid/94945 | Third Party Advisory VDB Entry |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BZKAN7V6UOHSRFWO567XMN4O6WXTSL32/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DB3B5XBB2NL2O2U4WNYGH7ZL45Q4UHGG/ | |
https://sourceforge.net/p/flightgear/flightgear/ci/280cd523686fbdb175d50417266d2487a8ce67d2/ | Issue Tracking Patch Third Party Advisory |
https://sourceforge.net/projects/flightgear/files/release-2016.4/ | Patch Release Notes Third Party Advisory |
https://usn.ubuntu.com/4588-1/ |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: debian
Published: 2017-02-22T16:00:00
Updated: 2020-10-22T15:06:24
Reserved: 2016-12-15T00:00:00
Link: CVE-2016-9956
JSON object: View
NVD Information
Status : Modified
Published: 2017-02-22T16:59:00.490
Modified: 2023-11-07T02:37:39.917
Link: CVE-2016-9956
JSON object: View
Redhat Information
No data.
CWE