CVE-2017-15108
N/A
N/A
Summary
spice-vdagent up to and including 0.17.0 does not properly escape save directory before passing to shell, allowing local attacker with access to the session the agent runs in to inject arbitrary commands to be executed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | spice-vdagent | up to and including 0.17.0 | affected |
Weaknesses
- CWE-78: CWE-78
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201804-09
- https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
- https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html
References
- https://security.gentoo.org/glsa/201804-09
- https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
- https://lists.debian.org/debian-lts-announce/2021/01/msg00012.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.