CVE-2018-1079

Priority
Description
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation
via authorized user malicious REST call. The REST interface of the pcsd
service did not properly sanitize the file name from the /remote/put_file
query. If the /etc/booth directory exists, an authenticated attacker with
write permissions could create or overwrite arbitrary files with arbitrary
data outside of the /etc/booth directory, in the context of the pcsd
process.
Notes
msalvatorevulnerable code introduced in 0.9.157
Package
Source: pcs (LP Ubuntu Debian)
Upstream:released (0.9.164-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (vulnerable code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.9.164-1)
Ubuntu 20.04 LTS (Focal Fossa):not-affected (0.10.1-2)
More Information

Updated: 2020-07-28 20:03:28 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)