CVE Vulnerabilities

CVE-2017-5084

Improper Privilege Management

Published: Oct 27, 2017 | Modified: Nov 21, 2024
CVSS 3.x
3.3
LOW
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Inappropriate implementation in image-burner in Google Chrome OS prior to 59.0.3071.92 allowed a local attacker to read local files via dbus-send commands to a BurnImage D-Bus endpoint.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Chrome_os Google * 59.0.3071.92 (excluding)
Chromium-browser Ubuntu artful *
Chromium-browser Ubuntu bionic *
Chromium-browser Ubuntu cosmic *
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *
Chromium-browser Ubuntu xenial *
Chromium-browser Ubuntu yakkety *
Chromium-browser Ubuntu zesty *
Oxide-qt Ubuntu artful *
Oxide-qt Ubuntu esm-infra/xenial *
Oxide-qt Ubuntu trusty *
Oxide-qt Ubuntu vivid/stable-phone-overlay *
Oxide-qt Ubuntu xenial *
Oxide-qt Ubuntu yakkety *
Oxide-qt Ubuntu zesty *

Potential Mitigations

References