GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Thu Jun 14, 2018 4:26 am Post subject: [ glsa 201806-03 ] burp
Gentoo Linux Security Advisory
Title: BURP: Multiple vulnerabilities (GLSA 201806-03)
Severity: normal
Exploitable: remote
Date: 2018-06-13
Bug(s): #628770, #641842
ID: 201806-03
Synopsis
Multiple vulnerabilities were discovered in BURP's Gentoo ebuild,
the worst of which could lead to root privilege escalation.
Background
A network backup and restore program.
Affected Packages
Package: app-backup/burp
Vulnerable: < 2.1.32
Unaffected: >= 2.1.32
Architectures: All supported architectures
Description
It was discovered that Gentoo’s BURP ebuild does not properly set
permissions or place the pid file in a safe directory.
Impact
A local attacker could escalate privileges.
Workaround
Users should ensure the proper permissions are set as discussed in the
referenced bugs.
Resolution
All BURP users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-backup/burp-2.1.32"
References
CVE-2017-18284
CVE-2017-18285
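Added example, not part of the advisory or of the Gentoo ebuild: one way to check whether a pid file and the directory holding it can be modified by anyone other than the expected owner, which is the class of problem the Description names. The pid file path and the owner uid are supplied by the caller and are assumptions; the advisory does not list the affected paths. It relies on `stat -c` as provided by GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the advisory). Usage:
#   sh check_pidfile.sh /path/to/daemon.pid [owner-uid]   # path is a placeholder

# loose_or_foreign PATH UID: return 0 (problem found) if PATH is not owned by
# UID or is writable by group/other, printing the reason; return 1 otherwise.
loose_or_foreign() {
    lf_uid=$(stat -c '%u' "$1") || return 0    # cannot inspect: treat as unsafe
    lf_mode=$(stat -c '%a' "$1") || return 0
    lf_bad=1
    if [ "$lf_uid" != "$2" ]; then
        echo "UNSAFE: $1 is owned by uid $lf_uid, expected $2"
        lf_bad=0
    fi
    # 022 (octal) selects the write bits for group and other.
    if [ $(( 0$lf_mode & 022 )) -ne 0 ]; then
        echo "UNSAFE: $1 has mode $lf_mode (group/other writable)"
        lf_bad=0
    fi
    return "$lf_bad"
}

# check_pidfile PIDFILE [UID]: return 0 only when the directory, and the pid
# file if present, are owned by UID (default 0, root), writable by that owner
# alone, and the pid file is not a symlink.
check_pidfile() {
    cp_owner=${2:-0}
    cp_dir=$(dirname -- "$1")
    cp_fail=0
    if [ ! -d "$cp_dir" ]; then
        echo "UNSAFE: $cp_dir is not a directory"
        return 1
    fi
    if loose_or_foreign "$cp_dir" "$cp_owner"; then cp_fail=1; fi
    if [ -L "$1" ]; then
        echo "UNSAFE: $1 is a symlink"
        cp_fail=1
    elif [ -e "$1" ]; then
        if loose_or_foreign "$1" "$cp_owner"; then cp_fail=1; fi
    fi
    return "$cp_fail"
}

# Run the check only when a path was given on the command line.
if [ "$#" -gt 0 ]; then check_pidfile "$@"; fi
```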