Candidate: CVE-2018-1079
PublicDate: 2018-04-12 17:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1079
 http://www.openwall.com/lists/oss-security/2018/04/09/2
Description:
 pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation
 via authorized user malicious REST call. The REST interface of the pcsd
 service did not properly sanitize the file name from the /remote/put_file
 query. If the /etc/booth directory exists, an authenticated attacker with
 write permissions could create or overwrite arbitrary files with arbitrary
 data outside of the /etc/booth directory, in the context of the pcsd
 process.
Ubuntu-Description:
Notes:
 msalvatore> vulnerable code introduced in 0.9.157
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895314
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_pcs:
upstream_pcs: released (0.9.164-1)
precise/esm_pcs: DNE
trusty_pcs: DNE
trusty/esm_pcs: DNE
xenial_pcs: not-affected (vulnerable code not present)
artful_pcs: ignored (reached end-of-life)
bionic_pcs: not-affected (0.9.164-1)
cosmic_pcs: ignored (reached end-of-life)
disco_pcs: not-affected (0.10.1-2)
eoan_pcs: not-affected (0.10.1-2)
devel_pcs: not-affected (0.10.1-2)