CVE-2015-3643

EUVD-2015-3681
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
usb-creator_projectusb-creator
𝑥
≤ 0.2.38.3
usb-creator_projectusb-creator
𝑥
≤ 0.2.56.3
usb-creator_projectusb-creator
𝑥
≤ 0.2.62ubuntu0.2
usb-creator_projectusb-creator
𝑥
≤ 0.2.67
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
usb-creator
precise
Fixed 0.2.38.3ubuntu0.1
released
trusty
Fixed 0.2.56.3ubuntu0.1
released
utopic
Fixed 0.2.62ubuntu0.3
released
vivid
Fixed 0.2.67ubuntu0.1
released
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/04/22/12
http://www.openwall.com/lists/oss-security/2015/05/04/3
http://www.securityfocus.com/bid/74304
https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470
https://usn.ubuntu.com/usn/usn-2576-1/
https://usn.ubuntu.com/usn/usn-2576-2/
https://www.exploit-db.com/exploits/36820/
http://www.openwall.com/lists/oss-security/2015/04/22/12
http://www.openwall.com/lists/oss-security/2015/05/04/3
http://www.securityfocus.com/bid/74304
https://bazaar.launchpad.net/~usb-creator-hackers/usb-creator/trunk/revision/470
https://usn.ubuntu.com/usn/usn-2576-1/
https://usn.ubuntu.com/usn/usn-2576-2/
https://www.exploit-db.com/exploits/36820/