CVE-2017-9772

Insufficient sanitisation in the OCaml compiler versions 4.04.0 and 4.04.1 allows external code to be executed with raised privilege in binaries marked as setuid, by setting the CAML_CPLUGINS, CAML_NATIVE_CPLUGINS, or CAML_BYTE_CPLUGINS environment variable.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
Affected Products (NVD)
VendorProductVersion
ocamlocaml
4.04.0
ocamlocaml
4.04.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
ocaml
bookworm
4.13.1-4
fixed
bullseye
4.11.1-4
fixed
sid
5.2.0-3
fixed
trixie
5.2.0-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
ocaml
artful
ignored
bionic
not-affected
cosmic
not-affected
disco
not-affected
trusty
not-affected
xenial
not-affected
yakkety
ignored
zesty
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
ocaml
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-compiler-libs
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-compiler-libs-devel
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-ocamldoc
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
ocaml-rpm-macros
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
ocaml-runtime
suse enterprise desktop 15
4.05.0-4.25
fixed
suse enterprise desktop 15 SP1
4.05.0-4.25
fixed
suse enterprise desktop 15 SP2
4.05.0-13.5
fixed
suse enterprise desktop 15 SP3
4.05.0-13.5
fixed
suse enterprise desktop 15 SP4
4.05.0-13.5
fixed
suse enterprise desktop 15 SP5
4.05.0-13.5
fixed
suse enterprise desktop 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise desktop 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise sap 15
4.05.0-4.25
fixed
suse enterprise sap 15 SP1
4.05.0-4.25
fixed
suse enterprise sap 15 SP2
4.05.0-13.5
fixed
suse enterprise sap 15 SP3
4.05.0-13.5
fixed
suse enterprise sap 15 SP4
4.05.0-13.5
fixed
suse enterprise sap 15 SP5
4.05.0-13.5
fixed
suse enterprise sap 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise sap 15 SP7
4.14.2-150600.1.2
fixed
suse enterprise server 15
4.05.0-4.25
fixed
suse enterprise server 15 SP1
4.05.0-4.25
fixed
suse enterprise server 15 SP2
4.05.0-13.5
fixed
suse enterprise server 15 SP3
4.05.0-13.5
fixed
suse enterprise server 15 SP4
4.05.0-13.5
fixed
suse enterprise server 15 SP5
4.05.0-13.5
fixed
suse enterprise server 15 SP6
4.14.2-150600.1.2
fixed
suse enterprise server 15 SP7
4.14.2-150600.1.2
fixed
References
http://www.securityfocus.com/bid/99277
https://caml.inria.fr/mantis/view.php?id=7557
https://security.gentoo.org/glsa/201710-07
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
http://www.securityfocus.com/bid/99277
https://caml.inria.fr/mantis/view.php?id=7557
https://security.gentoo.org/glsa/201710-07
https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html