CVE-2017-2390

NameCVE-2017-2390
DescriptionAn issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
NVD severitylow (attack range: local)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libarchive (PTS)wheezy3.0.4-3+wheezy1undetermined
wheezy (security)3.0.4-3+wheezy5+deb7u1undetermined
jessie (security), jessie3.1.2-11+deb8u3undetermined
buster, sid, stretch3.2.2-2undetermined

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libarchivesource(unstable)undeterminedlow

Search for package or bug name: Reporting problems