NVD

Id
83807  
Name
CVE-2017-6964  
Description
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.  
Reject
 
CVSS Version
2  
CVSS Score
7.2  
Severity
High  
CVSS Base Score
7.2  
CVSS Impact Subscore
10  
CVSS Exploit Subscore
3.9  
CVSS Vector
(AV:L/AC:L/Au:N/C:C/I:C/A:C)  
Pub Date
2017-04-27  
Published
2017-03-27  
Modified Date
2017-04-07  
Seq
2017-6964  

Actions

Related NVD References

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
66468 JVNDB-2017-002806 Debian および Ubuntu におけるエラー処理に関する脆弱性 Debian および Ubuntu には、エラー処理に関する脆弱性が存在します。 CVE-2017-6964 0 CVE-2017-6964 83807 7.2 7.8 http://jvndb.jvn.jp/ja/contents/2017/JVNDB-2017-002806.html 2017-03-27 2017-04-28 View