CVE-2018-1079

Priority
Description
pcs before version 0.9.164 and 0.10 is vulnerable to a privilege escalation
via authorized user malicious REST call. The REST interface of the pcsd
service did not properly sanitize the file name from the /remote/put_file
query. If the /etc/booth directory exists, an authenticated attacker with
write permissions could create or overwrite arbitrary files with arbitrary
data outside of the /etc/booth directory, in the context of the pcsd
process.
Notes
msalvatorevulnerable code introduced in 0.9.157
Package
Source: pcs (LP Ubuntu Debian)
Upstream:released (0.9.164-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (vulnerable code not present)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (0.9.164-1)
Ubuntu 19.04 (Disco Dingo):not-affected (0.10.1-2)
Ubuntu 19.10 (Eoan Ermine):not-affected (0.10.1-2)
Ubuntu 20.04 (Focal Fossa):not-affected (0.10.1-2)
More Information

Updated: 2019-12-17 15:16:00 UTC (commit 6ea392b50494f13baaab45be46a2d4259d0550f0)