CVE-2015-3248

NameCVE-2015-3248
Descriptionopenhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions for /var/lib/openhpi directory, which allows local users, when quotas are not properly setup, to fill the filesystem hosting /var/lib and cause a denial of service (disk consumption).
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
openhpi (PTS)wheezy2.14.1-1.2fixed
jessie2.14.1-1.4fixed
stretch3.6.1-2.2fixed
buster, sid3.6.1-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
openhpisource(unstable)(not affected)

Notes

- openhpi <not-affected> (Only affects RPM packaging, in Debian directory is not world-writable, bug #789543)

Search for package or bug name: Reporting problems