SB2018041060 - Fedora 27 update for pcs
Published: April 10, 2018 Updated: April 24, 2025
Security Bulletin ID
SB2018041060
Severity
Low
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Information disclosure (CVE-ID: CVE-2018-1086)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The weakness exists in the REST interface due to debug parameter removal bypass. A remote attacker can gain access to potentially sensitive information.
2) Privilege escalation (CVE-ID: CVE-2018-1079)
The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.The weakness exists in the REST interface of the pcsd service due improper sanitization of the file name from the /remote/put_file query. A remote attacker can create or overwrite arbitrary files with arbitrary data outside of the /etc/booth directory, in the context of the pcsd process and gain root privileges.
Remediation
Install update from vendor's website.