CVE-2017-14804 - OpenCVE

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Suse	Linux Enterprise Software Development Kit
Opensuse	Leap

Configuration 1 [-]

OR	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3::::::

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:leap:42.2:::::::*
	cpe:2.3:o:opensuse:leap:42.3:::::::*

References

Link	Resource
https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html
https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html
https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: microfocus

Published: 2017-12-08T00:00:00

Updated: 2021-01-06T16:15:51

Reserved: 2017-09-27T00:00:00

Link: CVE-2017-14804

JSON object: View

NVD Information

Status : Modified

Published: 2018-03-01T20:29:00.413

Modified: 2023-11-07T02:39:13.180

Link: CVE-2017-14804

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "build", "vendor": "SUSE", "versions": [{"lessThanOrEqual": "20171128", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Marcus H\u00fcwe"}], "datePublic": "2017-12-08T00:00:00", "descriptions": [{"lang": "en", "value": "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots."}], "exploits": [{"lang": "en", "value": "Can be found in https://bugzilla.suse.com/show_bug.cgi?id=1069904"}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"description": "Insufficient pathname checking could use to bypass directory restrictions.", "lang": "en", "type": "text"}]}, {"descriptions": [{"cweId": "CWE-22", "description": "CWE-22", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-01-06T16:15:51", "orgId": "f81092c5-7f14-476d-80dc-24857f90be84", "shortName": "microfocus"}, "references": [{"name": "SUSE-SU-2017:3253", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"name": "SUSE-SU-2018:0065", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}, {"name": "openSUSE-SU-2017:3259", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}], "source": {"advisory": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", "defect": ["https://bugzilla.suse.com/show_bug.cgi?id=1069904"], "discovery": "EXTERNAL"}, "title": "package builds could use directory traversal to write outside of target area", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@microfocus.com", "DATE_PUBLIC": "2017-12-08T00:00:00.000Z", "ID": "CVE-2017-14804", "STATE": "PUBLIC", "TITLE": "package builds could use directory traversal to write outside of target area"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "build", "version": {"version_data": [{"affected": "<=", "version_affected": "<=", "version_value": "20171128"}]}}]}, "vendor_name": "SUSE"}]}}, "credit": [{"lang": "eng", "value": "Marcus H\u00fcwe"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots."}]}, "exploit": [{"lang": "en", "value": "Can be found in https://bugzilla.suse.com/show_bug.cgi?id=1069904"}], "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Insufficient pathname checking could use to bypass directory restrictions."}]}, {"description": [{"lang": "eng", "value": "CWE-22"}]}]}, "references": {"reference_data": [{"name": "SUSE-SU-2017:3253", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"name": "SUSE-SU-2018:0065", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}, {"name": "openSUSE-SU-2017:3259", "refsource": "SUSE", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}]}, "source": {"advisory": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html", "defect": ["https://bugzilla.suse.com/show_bug.cgi?id=1069904"], "discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "f81092c5-7f14-476d-80dc-24857f90be84", "assignerShortName": "microfocus", "cveId": "CVE-2017-14804", "datePublished": "2017-12-08T00:00:00", "dateReserved": "2017-09-27T00:00:00", "dateUpdated": "2021-01-06T16:15:51", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "D41A798E-0D69-43C7-9A63-1E5921138EAC", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp2:*:*:*:*:*:*", "matchCriteriaId": "5F150BD9-4B94-42D3-9E14-58665B7FF220", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_software_development_kit:12:sp3:*:*:*:*:*:*", "matchCriteriaId": "B779A4B4-0721-4F4C-B3BD-C640BEAB2463", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots."}, {"lang": "es", "value": "El paquete de build anterior a 20171128 no comprob\u00f3 nombres de directorio durante la extracci\u00f3n de resultados de build que permit\u00edan que builds no fiables escribiesen en el sistema objetivo. Esto provocaba el escape fuera de los buildroots."}], "id": "CVE-2017-14804", "lastModified": "2023-11-07T02:39:13.180", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security@opentext.com", "type": "Secondary"}]}, "published": "2018-03-01T20:29:00.413", "references": [{"source": "security@opentext.com", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00024.html"}, {"source": "security@opentext.com", "url": "https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00025.html"}, {"source": "security@opentext.com", "url": "https://lists.opensuse.org/opensuse-security-announce/2018-01/msg00030.html"}], "sourceIdentifier": "security@opentext.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@opentext.com", "type": "Secondary"}]}