CVE-2015-1038 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.8 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 86%

Affected Products (NVD)

Vendor	Product	Version
oracle	solaris	10.0
oracle	solaris	11.2
7-zip	p7zip	9.20.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

p7zip

bookworm	16.02+dfsg-8 fixed
bullseye	16.02+dfsg-8 fixed
sid	16.02+transitional.1 fixed
trixie	16.02+transitional.1 fixed

Ubuntu Releases

Ubuntu Product

Codename

p7zip

lucid	ignored
precise	Fixed 9.20.1~dfsg.1-4+deb7u1build0.12.04.1 released
trusty	Fixed 9.20.1~dfsg.1-4+deb7u1build0.14.04.1 released
utopic	Fixed 9.20.1~dfsg.1-4.1+deb8u1build0.14.10.1 released
vivid	Fixed 9.20.1~dfsg.1-4.1+deb8u1build0.15.04.1 released

Known Exploits!

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173245.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174245.html

http://lists.opensuse.org/opensuse-updates/2015-07/msg00000.html

http://www.debian.org/security/2015/dsa-3289

http://www.openwall.com/lists/oss-security/2015/01/11/2

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/71890

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660

https://bugzilla.redhat.com/show_bug.cgi?id=1179505

https://exchange.xforce.ibmcloud.com/vulnerabilities/99970

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173245.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174245.html

http://lists.opensuse.org/opensuse-updates/2015-07/msg00000.html

http://www.debian.org/security/2015/dsa-3289

http://www.openwall.com/lists/oss-security/2015/01/11/2

http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

http://www.securityfocus.com/bid/71890

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660

https://bugzilla.redhat.com/show_bug.cgi?id=1179505

https://exchange.xforce.ibmcloud.com/vulnerabilities/99970