CVE-2015-8326 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 19%

Affected Products (NVD)

Vendor	Product	Version
iptables-parse_project	iptables-parse_module	0.5
iptables-parse_project	iptables-parse_module	0.6
iptables-parse_project	iptables-parse_module	0.7
iptables-parse_project	iptables-parse_module	0.8
iptables-parse_project	iptables-parse_module	0.9
iptables-parse_project	iptables-parse_module	1.0
iptables-parse_project	iptables-parse_module	1.1
iptables-parse_project	iptables-parse_module	1.3
iptables-parse_project	iptables-parse_module	1.3.1
iptables-parse_project	iptables-parse_module	1.4
iptables-parse_project	iptables-parse_module	1.5
iptables-parse_project	iptables-parse_module	1.6
iptables-parse_project	iptables-parse_module	1.6.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

libiptables-parse-perl

bookworm	1.6-3 fixed
bullseye	1.6-2 fixed
sid	1.6-3 fixed
squeeze	no-dsa
trixie	1.6-3 fixed

Ubuntu Releases

Ubuntu Product

Codename

libiptables-parse-perl

artful	not-affected
bionic	not-affected
cosmic	not-affected
precise	ignored
trusty	Fixed 1.1-1+deb8u1build0.14.04.1 released
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-59 - Improper Link Resolution Before File Access ('Link Following')
The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References

http://www.openwall.com/lists/oss-security/2015/11/24/10

https://bugzilla.redhat.com/show_bug.cgi?id=1267962

https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87

https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes

http://www.openwall.com/lists/oss-security/2015/11/24/10

https://bugzilla.redhat.com/show_bug.cgi?id=1267962

https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87

https://metacpan.org/source/MRASH/IPTables-Parse-1.6/Changes