CVE-2017-6964
Description
dmcrypt-get-device, as shipped in the eject package of Debian and Ubuntu, does not check the return value of the (1) setuid or (2) setgid function, which might cause dmcrypt-get-device to execute code, which was intended to run as an unprivileged user, as root. This affects eject through 2.1.5+deb1+cvs20081104-13.1 on Debian, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1 on Ubuntu 16.10, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1 on Ubuntu 16.04 LTS, eject before 2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1 on Ubuntu 14.04 LTS, and eject before 2.1.5+deb1+cvs20081104-9ubuntu0.1 on Ubuntu 12.04 LTS.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.086
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-9ubuntu0.1_i386.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-9ubuntu0.1_amd64.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1_i386.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-13.1ubuntu0.14.04.1_amd64.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1_i386.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-13.1ubuntu0.16.04.1_amd64.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1_i386.deb | Linux |
| ejects CDs and operates CD-Changers under Linux (USN-3246-1) eject_2.1.5+deb1+cvs20081104-13.1ubuntu0.16.10.1_amd64.deb | Linux |
| eject security update(DSA-3823-1) eject_2.1.5+deb1+cvs20081104-13.1+deb8u1_i386.deb | Linux |
| eject security update(DSA-3823-1) eject_2.1.5+deb1+cvs20081104-13.1+deb8u1_amd64.deb | Linux |
| eject security update(DSA-3823-1) eject_2.1.5+deb1+cvs20081104-13.1+deb8u1_kfreebsd-i386.deb | Linux |
| eject security update(DSA-3823-1) eject_2.1.5+deb1+cvs20081104-13.1+deb8u1_kfreebsd-amd64.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234