scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
Weakness
The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Powerpc-utils | Powerpc-utils_project | - (including) | - (including) |
| Red Hat Enterprise Linux 7 | RedHat | powerpc-utils-python-0:1.2.1-9.el7 | * |
| Powerpc-utils | Ubuntu | lucid | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/111.html
- https://cwe.mitre.org/data/definitions/141.html
- https://cwe.mitre.org/data/definitions/142.html
- https://cwe.mitre.org/data/definitions/148.html
- https://cwe.mitre.org/data/definitions/218.html
- https://cwe.mitre.org/data/definitions/384.html
- https://cwe.mitre.org/data/definitions/385.html
- https://cwe.mitre.org/data/definitions/386.html
- https://cwe.mitre.org/data/definitions/387.html
- https://cwe.mitre.org/data/definitions/388.html
- https://cwe.mitre.org/data/definitions/665.html
- https://cwe.mitre.org/data/definitions/701.html
References
- http://rhn.redhat.com/errata/RHSA-2016-2607.html
- http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/
- http://www.openwall.com/lists/oss-security/2015/02/09/4
- http://www.securityfocus.com/bid/72537
- https://bugzilla.redhat.com/show_bug.cgi?id=1073139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100788
- http://rhn.redhat.com/errata/RHSA-2016-2607.html
- http://sourceforge.net/p/powerpc-utils/mailman/message/32884230/
- http://www.openwall.com/lists/oss-security/2015/02/09/4
- http://www.securityfocus.com/bid/72537
- https://bugzilla.redhat.com/show_bug.cgi?id=1073139
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100788