CVE-2015-0796

Summary

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.

Affected Software

VendorProductVersion RangeStatus
SUSEopen build service2.6 < 2.6.3affected
SUSEopen build service2.5 < 2.5.7affected
SUSEopen build service2.4 < 2.4.8affected

Weaknesses

  • creation of non-standard files
  • CWE-434: CWE-434

ADP Enrichment

CVE Program Container

Additional References

References