CVE-2015-0796

In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before 2.4.8 the source service patch application could generate non-standard files like symlinks or device nodes, which could allow buildservice users to break of confinement or cause denial of service attacks on the source service.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
microfocusCNA
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
VendorProductVersion
opensuseopen_buildservice
2.4 ≤
𝑥
< 2.4.8
opensuseopen_buildservice
2.5 ≤
𝑥
< 2.5.7
opensuseopen_buildservice
2.6 ≤
𝑥
< 2.6.3
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
open-build-service
bookworm
2.9.4-9
fixed
sid
2.9.4-10
fixed
trixie
2.9.4-10
fixed
Common Weakness Enumeration
References
https://bugzilla.suse.com/show_bug.cgi?id=941099
https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc
https://bugzilla.suse.com/show_bug.cgi?id=941099
https://github.com/openSUSE/open-build-service/commit/474a3db19498765f0118ba3dbc0b1cc90b0097fc