oss-sec mailing list archives

CVE-2017-8921: directory traversal vulnerability in FlightGear


From: Florent Rougon <f.rougon () free fr>
Date: Fri, 12 May 2017 22:45:05 +0200

Hi,

Here is the info for CVE-2017-8921:

[Suggested description]
In FlightGear before 2017.2.1, the FGCommand interface allows
overwriting any file the user has write access to, but not with
arbitrary data: only with the contents of a FlightGear flightplan (XML).
A resource such as a malicious third-party aircraft could exploit this
to damage files belonging to the user. Both this issue and CVE-2016-9956
are directory traversal vulnerabilities in Autopilot/route_mgr.cxx -
this one exists because of an incomplete fix for CVE-2016-9956.

------------------------------------------

[Additional Information]
We are not aware of any such malicious resource. The fix will be in
FlightGear 2017.2.1 (expected in 1 or 2 weeks before the vulnerability
was found). There may be a stable update too meanwhile (2017.1.4) with
the fix, but I can't guarantee if so, and when.

This is not a duplicate of CVE-2016-9956.

------------------------------------------

[Vulnerability Type]
Incorrect Access Control

------------------------------------------

[Vendor of Product]
FlightGear (http://flightgear.org/)

------------------------------------------

[Affected Product Code Base]
FlightGear - Affected: releases earlier than 2017.2.1. Fixed in 'next'
branch (commit faf872e7f71ca14c567ac7080561fc785d8d2fd0), currently
referred to as FlightGear 2017.2.0 (this is *not* a release).

------------------------------------------

[Affected Component]
source file: src/Autopilot/route_mgr.cxx in the FlightGear repository,
executable: fgfs

------------------------------------------

[Attack Type]
Local

------------------------------------------

[CVE Impact Other]
Allows overwriting any file the user has write access to, but not
with arbitrary data: only with the contents of a FlightGear flightplan
(XML).

------------------------------------------

[Attack Vectors]
Trick users into installing a resource that, when run, can execute
arbitrary FGCommands. For instance, a malicious third-party aircraft
could do that.

------------------------------------------

[Reference]
https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/

------------------------------------------

[Has vendor confirmed or acknowledged the vulnerability?]
true

------------------------------------------

[Discoverer]
Rebecca N. Palmer (FlightGear developer)
