CVE-2015-1378 | Vulnerability Database | Aqua Security

cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before 0.68.1, 0.7x before 0.78 is sourced without checking that the local directory is writable by non-root users.

Affected Software

Name	Vendor	Start Version	End Version
Grml-debootstrap	Grml	0.54 (including)	0.54 (including)
Grml-debootstrap	Grml	0.68 (including)	0.68 (including)
Grml-debootstrap	Grml	0.70 (including)	0.70 (including)
Grml-debootstrap	Grml	0.71 (including)	0.71 (including)
Grml-debootstrap	Grml	0.72 (including)	0.72 (including)
Grml-debootstrap	Grml	0.73 (including)	0.73 (including)
Grml-debootstrap	Grml	0.74 (including)	0.74 (including)
Grml-debootstrap	Grml	0.75 (including)	0.75 (including)
Grml-debootstrap	Grml	0.76 (including)	0.76 (including)
Grml-debootstrap	Grml	0.77 (including)	0.77 (including)

References

http://cve.killedkenny.io/cve/CVE-2015-1378
http://www.openwall.com/lists/oss-security/2015/01/27/17
https://github.com/grml/grml-debootstrap/issues/59
https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1378.html
https://security-tracker.debian.org/tracker/CVE-2015-1378/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1378
CWE	https://cwe.mitre.org/data/definitions/264.html