Main Vulnerability Database SB2018090638

SB2018090638 - Path traversal in xen (Alpine package)

Published: September 6, 2018

Security Bulletin ID SB2018090638

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Path traversal (CVE-ID: CVE-2018-14007)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The vulnerability exists due to path traversal. An adjacent attacker can conduct directory traversal attack and read arbitrary files from the dom0 filesystem including the pool secret /etc/xensource/ptoken which grants the attacker full administrator.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=74dce6e0451466b8eb5078660886cc226f9704f4