SB2017080782 - Improper access control in lxterminal (Alpine package)
Published: August 7, 2017
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper access control (CVE-ID: CVE-2016-10369)
The vulnerability allows a local authenticated user to execute arbitrary code.
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=dff722fdcbebb760aaab8ad205e70efb2baa8683
- https://git.alpinelinux.org/aports/commit/?id=31d7be985845ca15592e3a88182e7420df7c46ac
- https://git.alpinelinux.org/aports/commit/?id=1e49fb2fed3a645ef6f77d40314c8aab20c8fa6a
- https://git.alpinelinux.org/aports/commit/?id=97e7d09049dceb574b2782f30cecddd31b2e7b3a