#VU33080 Path traversal - CVE-2015-5199

Cybersecurity Help s.r.o.

Published: 2015-09-08 | Updated: 2020-08-03

Vulnerability identifier: #VU33080

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2015-5199

CWE-ID: CWE-22

Exploitation vector: Local

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences in dlopen in libvdpau before 1.1.1. A remote authenticated attacker can send a specially crafted HTTP request and local users to gain privileges via the VDPAU_DRIVER environment variable.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links
https://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html
https://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html
https://lists.x.org/archives/xorg-announce/2015-August/002630.html
https://www.debian.org/security/2015/dsa-3355
https://www.securityfocus.com/bid/76636
https://www.ubuntu.com/usn/USN-2729-1
https://bugzilla.redhat.com/show_bug.cgi?id=1253826

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Fedora 21 update for libvdpau

Path traversal in libvdpau (Alpine package)

Fedora 22 update for libvdpau

Fedora 23 update for libvdpau

Fedora 21 update for libvdpau