CVE-2017-2390

An issue was discovered in certain Apple products. iOS before 10.3 is affected. macOS before 10.12.4 is affected. tvOS before 10.2 is affected. watchOS before 3.2 is affected. The issue involves symlink mishandling in the "libarchive" component. It allows local users to change arbitrary directory permissions via unspecified vectors.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 26%
VendorProductVersion
appleiphone_os
𝑥
≤ 10.2.1
applemac_os_x
𝑥
≤ 10.12.3
appletvos
𝑥
≤ 10.1.1
applewatchos
𝑥
≤ 3.1.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libarchive
artful
not-affected
zesty
ignored
yakkety
ignored
xenial
not-affected
trusty
not-affected
precise
ignored
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/97137
http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207601
https://support.apple.com/HT207602
https://support.apple.com/HT207615
https://support.apple.com/HT207617
http://www.securityfocus.com/bid/97137
http://www.securitytracker.com/id/1038138
https://support.apple.com/HT207601
https://support.apple.com/HT207602
https://support.apple.com/HT207615
https://support.apple.com/HT207617