Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU35044
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-7810
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to manipulate data.
libbluray MountManager class has a time-of-check time-of-use (TOCTOU) race when expanding JAR files
MitigationInstall update from vendor's website.
Vulnerable software versionslibbluray: 0.2.1 - 0.7.0
External linkshttp://www.openwall.com/lists/oss-security/2015/10/12/7
http://www.securityfocus.com/bid/72769
http://access.redhat.com/security/cve/cve-2015-7810
http://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-7810
http://security-tracker.debian.org/tracker/CVE-2015-7810
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.