CVE-2017-16659 - OpenCVE

The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script.

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Anti-spam Smtp Proxy Project	Anti-spam Smtp Proxy

Configuration 1 [-]

cpe:2.3:a:anti-spam_smtp_proxy_project:anti-spam_smtp_proxy:*:*:*:*:*:gentoo:*:*

References

Link	Resource
https://bugs.gentoo.org/629442	Issue Tracking Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:23:22

Updated: 2022-10-03T16:23:22

Reserved: 2022-10-03T00:00:00

Link: CVE-2017-16659

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-11-08T05:29:00.200

Modified: 2020-09-16T13:14:03.440

Link: CVE-2017-16659

JSON object: View

Redhat Information

No data.

CWE

CWE-732

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:anti-spam_smtp_proxy_project:anti-spam_smtp_proxy:*:*:*:*:*:gentoo:*:*", "matchCriteriaId": "DAC9FFE1-CAF7-40CF-BD73-7205D8186086", "versionEndIncluding": "1.9.8.13030", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows local users to gain privileges by leveraging access to the assp user account to install a Trojan horse /usr/share/assp/assp.pl script."}, {"lang": "es", "value": "El paquete mail-filter/assp de Gentoo en su versi\u00f3n 1.9.8.13030 y anteriores permite que usuarios locales obtengan privilegios aprovechando el acceso a la cuenta de usuario assp para instalar un script troyano /usr/share/assp/assp.pl."}], "id": "CVE-2017-16659", "lastModified": "2020-09-16T13:14:03.440", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-11-08T05:29:00.200", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.gentoo.org/629442"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "nvd@nist.gov", "type": "Primary"}]}