SB2017071719 - Race condition in TheLocehiliosan yadm



Published: July 17, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017071719
CSH Severity Medium
Patch available YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Information disclosure

Breakdown by Severity

Medium 100%

Description

This security bulletin contains information about 1 vulnerability.


1) Race condition (CVE-ID: CVE-2017-11353)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

yadm (yet another dotfile manager) 1.10.0 has a race condition (related to the behavior of git commands in setting permissions for new files and directories), which potentially allows access to SSH and PGP keys.
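As an added illustration (not yadm's code and not a description of its actual fix), the shell sketch below shows the general create-then-restrict window behind this class of permission race, beside creation under a restrictive umask, plus a check for over-permissive entries under `.ssh` and `.gnupg`. The function names and the temporary sample files are constructed for the example.

```shell
#!/bin/sh
# Constructed demo: works only inside temporary directories it creates.

# Print the permission string of a path, e.g. -rw-r--r--
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create-then-restrict: the file exists with default-umask permissions
# until the chmod runs. Prints the mode visible during that window.
window_mode() (
    umask 022
    : > "$1/id_demo"            # stands in for a private key being written
    mode_of "$1/id_demo"        # what other local accounts could see
    chmod 600 "$1/id_demo"
)

# Restrict-then-create: with umask 077 set first, the file is never
# readable by group or other. The subshell keeps the umask change local.
private_mode() (
    umask 077
    : > "$1/id_demo_private"
    mode_of "$1/id_demo_private"
)

# List entries under <root>/.ssh and <root>/.gnupg that grant any
# permission bit to group or other (symlinks are skipped).
audit_private() {
    for d in "$1/.ssh" "$1/.gnupg"; do
        if [ -d "$d" ]; then
            find "$d" ! -type l \( -perm -040 -o -perm -020 -o -perm -010 \
                -o -perm -004 -o -perm -002 -o -perm -001 \) -print
        fi
    done
}

# Demo on a constructed tree
demo=$(mktemp -d)
mkdir -m 700 "$demo/.ssh"
( umask 022; : > "$demo/.ssh/loose_key" )
echo "window:  $(window_mode "$demo")"
echo "private: $(private_mode "$demo")"
echo "flagged: $(audit_private "$demo")"
rm -rf "$demo"
```

Running `audit_private "$HOME"` lists any existing key material that other local accounts can read, which is worth checking after the update is installed.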


Remediation

Install the update from the vendor's website.