Candidate: CVE-2015-3248
PublicDate: 2017-09-26 15:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3248
 https://bugzilla.redhat.com/show_bug.cgi?id=1233520
 http://openhpi.org/Changelogs/3.6.0
Description:
 openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable permissions
 for /var/lib/openhpi directory, which allows local users, when quotas are
 not properly setup, to fill the filesystem hosting /var/lib and cause a
 denial of service (disk consumption).
Ubuntu-Description:
Notes:
 sbeattie> directory is world-readable but not world-writable in debian/ubuntu.
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789543
 http://sourceforge.net/p/openhpi/bugs/1883/
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H [4.7 MEDIUM]

Patches_openhpi:
 upstream: http://sourceforge.net/p/openhpi/code/7638
upstream_openhpi: released (3.6.0)
precise_openhpi: ignored (reached end-of-life)
precise/esm_openhpi: ignored (end of ESM support, was needs-triage)
trusty_openhpi: ignored (reached end-of-life)
trusty/esm_openhpi: needs-triage
vivid_openhpi: ignored (reached end-of-life)
vivid/stable-phone-overlay_openhpi: DNE
vivid/ubuntu-core_openhpi: DNE
wily_openhpi: ignored (reached end-of-life)
xenial_openhpi: ignored (end of standard support, was needs-triage)
esm-infra/xenial_openhpi: needs-triage
yakkety_openhpi: ignored (reached end-of-life)
zesty_openhpi: ignored (reached end-of-life)
artful_openhpi: ignored (reached end-of-life)
bionic_openhpi: needs-triage
cosmic_openhpi: ignored (reached end-of-life)
disco_openhpi: ignored (reached end-of-life)
eoan_openhpi: ignored (reached end-of-life)
focal_openhpi: needs-triage
groovy_openhpi: ignored (reached end-of-life)
hirsute_openhpi: ignored (reached end-of-life)
impish_openhpi: needs-triage
jammy_openhpi: needs-triage
devel_openhpi: needs-triage